Standard Feed Formats
The feeds are available in standard formats to enable most members to ingest directly into their security devices.
Structured Threat Intelligence eXpression (STIX)
STIX is a free and open-source language and serialization format used to exchange CTI. CIS offers multiple collections that allow members to choose the kind of information that makes sense to ingest:
MS-ISAC Collection – This collection contains indicators derived from MS-ISAC resources only.
TLP GREEN Collection – This collection contains only TLP: GREEN indicators
TLP WHITE Collection – This collection contains only TLP: CLEAR indicators
Federal Collection – This collection contains indicators derived from the CISA Automated Indicator Sharing (AIS) community only.
Curated Feeds Collection – This collection contains indicators derived from all sources available to the CIS CTI team.
Trusted Automated eXchange of Intelligence Information (TAXII)
TAXII is an application protocol specifically designed for transmitting STIX data. Members do not need to maintain their own TAXII infrastructure; local security devices only need to accept a STIX feed from our TAXII server.
Malware Information Sharing Platform (MISP)
MISP is a free and open-source software developed and maintained by the Computer Incident Response Center of Luxembourg (CIRCL). It's designed to facilitate information sharing of threat intelligence, including but not limited to CTI.
The CIS MISP instance does not yet include all of the same information that is available in the STIX/TAXII feed, but we’re working on it! Stay tuned for more.