Data Products

STIX/TAXII Feeds

Standard threat intelligence format

Threat intelligence in STIX 2.1 format, delivered via TAXII 2.1. Compatible with all major threat intelligence platforms. Continuous, programmatic integration.

Get Access TAXII Setup

Capabilities

Key Features

Everything you need to protect your infrastructure and users

STIX 2.1

Latest standard format for threat intelligence.

TAXII 2.1 Server

Standard protocol for automated feed consumption.

Rich Objects

Indicators, malware, actors, campaigns, and more.

Relationships

Connected threat graph with STIX relationships.

Real-Time Updates

Poll for new objects continuously.

Legacy Support

STIX 1.x and TAXII 1.x also available.

Applications

Use Cases

How security teams use this tool

MISP Integration

Feed threat data into MISP instances.

OpenCTI

Enrich your OpenCTI platform.

Commercial TIPs

Integrate with ThreatConnect, Anomali, etc.

Custom Solutions

Build with any TAXII-compatible client.

Evaluation Facts

Use this layer to confirm whether the feed matches your CTI exchange, TIP synchronization, and enrichment requirements.

Formats: STIX 2.1 indicators, relationships, malware, campaigns, attack patterns, and threat actor objects.
Transport: TAXII 2.1 discovery, API roots, collections, objects, and manifest-compatible polling.
Consumers: OpenCTI, MISP, commercial TIPs, SIEM enrichment jobs, SOAR playbooks, and custom TAXII clients.
Access model: Authenticated access with API credentials, documented rate limits, and plan-based collection availability.
Best fit: Teams that need machine-readable CTI exchange instead of one-off analyst lookups or CSV exports.
Limitations: STIX/TAXII delivers normalized intelligence objects; sandbox detonation and endpoint telemetry remain external systems.

Connection Parameters

Connect your Threat Intelligence Platform (TIP) or custom TAXII client using the following standard parameters.

Discovery URL	https://api.ismalicious.com/taxii2/
Authentication	Basic Auth or HTTP Bearer (using your API Key as token/password)
Version	TAXII 2.1 (STIX 2.1)
Format Header	application/taxii+json;version=2.1

OpenCTI Integration

Native support via the built-in TAXII connector.

Install the TAXII 2 connector in OpenCTI.
Set the Discovery URL to https://api.ismalicious.com/taxii2/
Use Basic Auth: Username api and your API key as the password.
Select the threat collections you wish to import.

MISP Integration

Ingest feeds directly into MISP events and attributes.

Navigate to Sync Actions > Servers in MISP.
Add a new TAXII Server connection.
Enter the Discovery URL and your isMalicious API Key.
Configure fetch rules for automated pulling.

Supporting Guides

Threat intelligence sharing with STIX/TAXII Building IOC pipelines OpenCTI integration SIEM enrichment workflows

Support

Frequently Asked Questions

What STIX/TAXII versions do you support?

We support STIX 2.1 and TAXII 2.1. STIX 1.x and TAXII 1.x are available for legacy systems.

What platforms are compatible?

Any TAXII client works, including MISP, OpenCTI, Anomali ThreatStream, ThreatConnect, and custom solutions.

What STIX objects are included?

Indicators, malware, threat actors, campaigns, attack patterns, and relationships.

How do I connect?

Point your TAXII client to our discovery URL with your API key for authentication.

Explore

Related Tools

Threat Feeds

API feeds

SIEM Integration

SIEM solutions

API Docs

API reference

Get Started

Ready to Get Started?

Join thousands of security teams using isMalicious to protect their infrastructure.

Start Free Trial Contact Sales