Integration of STIX/TAXII with ManageEngine Log360

ManageEngine Log360 enhances its threat detection, investigation, and response (TDIR) platform, Vigil IQ, by seamlessly integrating with STIX/TAXII standards. Log360 leverages the Structured Threat Information eXpression (STIX) format for standardized use of threat intelligence data from different sources. By leveraging Trusted Automated Exchange of Intelligence Information (TAXII) protocol, Log360 facilitates easy sharing and ingestion of threat feeds across different open source platforms.

This integration enables security teams to enrich their log data with actionable threat intelligence, enhancing their ability to detect, analyze, and mitigate sophisticated cyber threats in real-time. The synergy between Log360 and STIX/TAXII not only streamlines threat intelligence workflows but also empowers organizations to stay ahead of emerging threats with a proactive and informed defense strategy.

How the integration works

Log360's built-in Global Threat Intel Repository includes over 600 million threat feeds in the STIX/TAXII format ingested from trusted open sources across the globe. The threat feeds include malicious IPs, domain, and URLs.

The Global Threat Intel Repository, a cloud storage, gets synchronized and dynamically updated with the latest threat intel from the trusted sources. Users can choose to set a time period for refresh.

This threat feed gets correlated with network and user activity logs to detect intrusions and other malicious activities instantly.

Note: ManageEngine Log360 also partners with Webroot, BrightCloud's Threat Intelligence Service and Constella Intelligence for advanced threat intel and dark web data. It comes as a part of the solution's Advanced Threat Analytics.

How to configure STIX/TAXII servers

To integrate STIX/TAXII threat feeds with Log360, you need to configure the STIX/TAXII client in Log360. This will allow you to fetch and process threat intelligence data from TAXII servers, enhancing your security monitoring capabilities. For a detailed explanation of the configuration process, refer to this link:

Configuring STIX/TAXII servers

Top benefits of this integration

With ManageEngine Log360 supporting STIX/TAXII, organizations gain a powerful advantage in threat detection and response. Discover how this unified approach enhances your organization's cyber defense.

• Comprehensive and automated threat updates: Utilize data on malicious IPs, URLs, and IP ranges collected from multiple vendors to build a robust defense strategy. Stay up-to-date with the latest threat information through continuous data integration from STIX/TAXII vendors.
• Enhanced threat detection: Gain access to extensive global threat intelligence to improve the accuracy and speed of detecting potential threats and attacks in their early stages.
• Streamlined incident response: Reduce incident response times with automated alerts for logs flagged as malicious to enable your team to react swiftly to threats.

About STIX/TAXII

Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) are key standards in the field of cybersecurity designed to enhance the sharing and integration of threat intelligence across organizations and systems.

STIX: STIX is a standardized language and format used to represent cyberthreat information in a structured manner. It allows organizations to describe and share indicators of cyberthreats, such as malware signatures, IP addresses, and attack patterns, in a consistent and machine-readable format. STIX enables security teams to exchange actionable threat intelligence effectively, improving their ability to detect, respond to, and mitigate cyberthreats.

TAXII: TAXII is a set of protocols that facilitate the automated exchange of cyberthreat information in a standardized manner. It enables organizations to share STIX-formatted threat intelligence securely and efficiently. TAXII defines how STIX data should be transported, allowing for the automated retrieval and dissemination of threat information between different cybersecurity systems and platforms. This automation reduces manual effort, speeds up threat response times, and enhances the overall effectiveness of cybersecurity operations.

Together, STIX and TAXII form a crucial framework for the cybersecurity community, enabling organizations to collaborate and defend against cyberthreats more effectively by leveraging standardized, machine-readable threat intelligence.