STIX/TAXII feed processor

Home » Features » STIX/TAXII threat i ntelligence

In today's evolving threat landscape, the key to efficient threat mitigation is early threat detection, and the key to this process is access to up-to-date, global threat information. However, organizations don't possess this kind of information in house. Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of I ntelligence Information (TAXII) protocols emerged to fill this gap, providing globally applicable standards for identifying and sharing threat information.

One of the greatest strengths of EventLog Analyzer's threat i ntelligence platform is its support for STIX/TAXII protocols. EventLog Analyzer processes STIX/TAXII-based feeds to alert you in real time when globally blocklisted IPs and URLs interact with your network.

STIX

STIX provides a common language for describing cyberthreat information so it can be shared, stored, and otherwise used in a consistent manner that facilitates automation. STIX helps defend networks and systems against cyberthreats by giving cyber defenders, cyberthreat analysts, malware analysts, security tool vendors, security researchers, and threat sharing communities access to standardized threat information.

TAXII

TAXII is a community effort to standardize the trusted, automated exchange of cyberthreat information. TAXII defines a set of services and message exchanges that, when implemented, enable organizations to share actionable cyberthreat information with one another.

Want to perform threat management fron the cloud?

The formats of STIX/TAXII

EventLog Analyzer's threat i ntelligence platform supports two different formats of the STIX/TAXII protocol, namely, STIX 1/TAXII 1.0 and its successors, STIX 2/TAXII 2.0 and STIX 2.1/TAXII 2.1.

The first version of the STIX standard is referred to as STIX 1/TAXII 1.0. To represent and exchange threat i ntelligence data, STIX 1/TAXII 1.0 mainly uses extensible markup language (XML). However, STIX 1/TAXII 1.0 has certain limitations. STIX 1/TAXII 1.0 was difficult to work with and comprehend due to its verbose and complex data model. The data model was simplified using STIX 2/TAXII 2.0 and STIX 2.1/TAXII 2.1, which improved its usability and intuitiveness.

Considering these limitations and to meet the demands of organizations, EventLog Analyzer has expanded its support for STIX 2/TAXII 2.0 and STIX 2.1/TAXII 2.1 versions. They offer a more adaptable, interoperable, and contemporary architecture for representing and exchanging cybersecurity threat i ntelligence. JavaScript Object Notation (JSON) is the primary format used by these versions to represent threat i ntelligence data. Also, STIX 2 provides rich threat i ntelligence data through its structured and standardized data model, which allows for the representation and sharing of a wide range of information about cyberthreats.

Leverage threat i ntelligence.

Get Your Free Trial

EventLog Analyzer offers quick-deploy integration with the following vendors:

The threat i ntelligence feeds listed below come from reputable suppliers. They update their feeds frequently in order to offer better service over time. These feeds are filled with detailed threat i ntelligence information that may be used to understand attackers better, react to incidents more quickly, and anticipate a threat actor's next move. EventLog Analyzer is the best choice to swiftly deploy these services.

 

AlienVault OTX

Learn more about AlienVault OTX API, and sign up to receive an API key.

 

Cyware Threat I ntelligence

Learn more about Cyware Threat I ntelligence Feeds. To receive credentials, sign up here.

 

IBM X-Force

Learn more about the IBM X-Force integration. To purchase this integration, please contact IBM.

 

Kaspersky

Learn more about Kaspersky Threat Feeds. To purchase this integration, please contact Kaspersky.

 

PulseDive

Learn more about PulseDive. To purchase this integration, please contact PulseDive.

 

Sectrio

Learn more about Sectrio. To purchase this integration, please contact Sectrio.

 

SecAlliance- ThreatMatch I ntelligence

Learn more about ThreatMatch. To purchase this integration, please contact ThreatMatch.

Bottom banner

Other features

Syslog management

Collect and analyze Syslog data from routers, switches, firewalls, IDS/IPS, Linux/Unix servers, and more. Get in-depth reports for every security event. Receive real-time alerts for anomalies and breaches.

Windows event log monitoring

Analyze event log data to detect security events such as file/folder changes, registry changes, and more. Study DDoS, Flood, Syn, and Spoof attacks in detail with predefined reports.

IT compliance management

Comply with the stringent requirements of regulatory mandates viz., PCI DSS, FISMA, HIPAA, and more with predefined reports & alerts. Customize existing reports or build new reports to meet internal security needs.

Active Directory Log Monitoring

Monitor all types of log data from Active Directory infrastructure. Track failure incidents in real-time and build custom reports to monitor specific Active Directory events of your interest.

Privileged user monitoring

Monitor and track privileged user activities to meet PUMA requirements. Get out-of-the-box reports on critical activities such as logon failures, reason for logon failure, and more.

Print Server Management

Monitor and audit print server with detailed reports on documents printed, attempts to print documents without proper permission, failed print jobs and their causes, and more.

Need Features? Tell Us
If you want to see additional features implemented in EventLog Analyzer, we would love to hear. Click here to continue

EventLog Analyzer Trusted By

Los Alamos National Bank Michigan State University
Panasonic Comcast
Oklahoma State University IBM
Accenture Bank of America
Infosys
Ernst Young

Customer Speaks

  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing, I like about the application, is the well structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
    Citadel
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank

Awards and Recognitions

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
A Single Pane of Glass for Comprehensive Log Management