Cyware unveiled CyTAXII, a new open-source TAXII (Trusted Automated eXchange of Indicator Information) client that enables developers to ingest and share threat intelligence. CyTAXII provides the developer community with support for interacting with TAXII servers using a Python library.
“Cyware is dedicated to enabling end-to-end threat intelligence automation, sharing, and threat response for organizations globally. To reinforce this, Cyware developed CyTAXII to address the absence of a developer-friendly STIX TAXII client that supports intelligence sharing in the latest STIX formats,” said Avkash Kathiriya, Vice President of Research and Innovation, Cyware.
“CyTAXII is the only TAXII client that supports the STIX / TAXII implementation of both 2.0 and 2.1 STIX formats and is easily opened with the inbuilt Jupyter Notebook, making it simple for developers to ingest and share threat intelligence.”
TAXII is a collection of specifications defining a set of services and message exchanges used for sharing cyber threat intelligence information between parties. CyTAXII acts as a TAXII client that can be installed as a Python [Pip] Library.
It implements all TAXII services according to TAXII STIX 2.x specifications, such as consuming intel from sources like Cyware Threat Intelligence Feeds or any other sources that send threat intelligence in STIX format through TAXII protocol.
CyTAXII delivers value for organizations based on several key use cases:
Use CyTAXII with a Threat Intelligence Platform: Developers in an organization that uses a Threat Intelligence Platform (TIP), such as CTIX, can use CyTAXII to perform essential orchestration services with SIEM and EDR platforms to accelerate their incident detection and response capabilities.
Use CyTAXII without a Threat Intelligence Platform: Developers and security analysts in organizations who do not use a TIP can use CyTAXII to perform core TAXII server operations, including consuming intel from a collection (poll) or contributing intel into a collection (inbox).
Use CyTAXII with Cyware and other STIX feeds: Developers and security analysts can use CyTAXII with Cyware’s open-source Cyware Threat Intelligence Feeds or any STIX threat intelligence feeds and fetch valuable intel or contribute their intel to a collection on the TAXII server.
CyTAXII for ISACs/ISAOs: ISAC/ISAO members can leverage the out-of-box Python library to collect or share threat intelligence with ISAC/ISAO Hubs.
Cyware Threat Intelligence feeds provide users with valuable threat data from a wide range of open and trusted sources to deliver a consolidated stream of valuable and actionable threat intelligence. When developers sign up with Cyware Threat Intelligence feeds, they receive TAXII server credentials, including a user name, a password, and TAXII Server URLs.
This enables them to use these credentials to access the threat intel data in Cyware Threat feeds. Along with the TAXII client, developers and security analysts now also have TAXII server credentials from Cyware.