Data Products

STIX/TAXII Feeds

Standard threat intelligence format

Threat intelligence in STIX 2.1 format, delivered via TAXII 2.1. Compatible with all major threat intelligence platforms. Continuous, programmatic integration.

Get AccessTAXII Setup

Key Features

Everything you need to protect your infrastructure and users

STIX 2.1

Latest standard format for threat intelligence.

TAXII 2.1 Server

Standard protocol for automated feed consumption.

Rich Objects

Indicators, malware, actors, campaigns, and more.

Relationships

Connected threat graph with STIX relationships.

Real-Time Updates

Poll for new objects continuously.

Legacy Support

STIX 1.x and TAXII 1.x also available.

Use Cases

How security teams use this tool

MISP Integration

Feed threat data into MISP instances.

OpenCTI

Enrich your OpenCTI platform.

Commercial TIPs

Integrate with ThreatConnect, Anomali, etc.

Custom Solutions

Build with any TAXII-compatible client.

Connection Parameters

Connect your Threat Intelligence Platform (TIP) or custom TAXII client using the following standard parameters.

Discovery URLhttps://api.ismalicious.com/taxii2/
AuthenticationBasic Auth or HTTP Bearer (using your API Key as token/password)
VersionTAXII 2.1 (STIX 2.1)
Format Headerapplication/taxii+json;version=2.1

OpenCTI Integration

Native support via the built-in TAXII connector.

  • Install the TAXII 2 connector in OpenCTI.
  • Set the Discovery URL to https://api.ismalicious.com/taxii2/
  • Use Basic Auth: Username api and your API key as the password.
  • Select the threat collections you wish to import.

MISP Integration

Ingest feeds directly into MISP events and attributes.

  • Navigate to Sync Actions > Servers in MISP.
  • Add a new TAXII Server connection.
  • Enter the Discovery URL and your isMalicious API Key.
  • Configure fetch rules for automated pulling.

Frequently Asked Questions

What STIX/TAXII versions do you support?
We support STIX 2.1 and TAXII 2.1. STIX 1.x and TAXII 1.x are available for legacy systems.
What platforms are compatible?
Any TAXII client works, including MISP, OpenCTI, Anomali ThreatStream, ThreatConnect, and custom solutions.
What STIX objects are included?
Indicators, malware, threat actors, campaigns, attack patterns, and relationships.
How do I connect?
Point your TAXII client to our discovery URL with your API key for authentication.

Related Tools

Threat Feeds

API feeds

SIEM Integration

SIEM solutions

API Docs

API reference

Ready to Get Started?

Join thousands of security teams using isMalicious to protect their infrastructure.

Start Free TrialContact Sales