Skill UI

A comprehensive system for systematically collecting, categorizing, and enriching Indicators of Compromise (IOCs) from various sources (network logs, memory dumps, email, etc.). It supports the entire incident response lifecycle, ensuring structured data representation using STIX/TAXII formats for robust threat intelligence sharing and defensive system automation.

This skill guides the comprehensive evaluation and selection of Threat Intelligence Platforms (TIPs). It assesses vendor capabilities, including STIX/TAXII support, workflow automation, SIEM/SOAR integration, and total cost of ownership. It is essential for procurement decisions, migrating between TIP solutions, or assessing whether the current CTI program meets required maturity levels.

This skill guides the deployment and configuration of a TAXII 2.1 server using OpenTAXII. It enables automated, standardized exchange of STIX-formatted cyber threat intelligence (CTI) indicators between organizations. Use cases include establishing secure threat sharing pipelines, integrating with SIEM/SOAR platforms, and meeting stringent compliance requirements.