ThreatBolt™ — Threat Intelligence
ThreatBolt is CyberXTron's threat intelligence product, delivering curated, high-fidelity Indicators of Compromise (IOCs) to help security teams detect and block malicious activity across their infrastructure.
What ThreatBolt Provides
ThreatBolt continuously collects, validates, and enriches threat intelligence from multiple sources — including honeypots, dark web monitoring, malware analysis, and industry feeds — and makes it available in structured, machine-readable formats.
IOC Collections
| Collection | Description |
|---|---|
| Xtron Malicious-IP | IPv4/IPv6 addresses associated with C2 servers, scanners, and known threat actors |
| Xtron Malicious-Domain | Domains used for phishing, malware delivery, and command-and-control |
| Xtron Malicious-URL | Specific URLs hosting malicious content or exploit kits |
| Xtron Malicious-Hash | MD5, SHA-1, and SHA-256 file hashes of known malware samples |
Key Capabilities
- Validated IOCs — Each indicator is validated before publication to minimize false positives
- STIX 2.1 formatted — All intelligence is delivered in STIX 2.1 format, the industry standard for threat intelligence exchange
- TAXII 2.1 compatible — Native TAXII 2.1 server at taxii.cyberxtron.com for automated pull integration
- REST API access — On-demand IOC retrieval via apix.cyberxtron.com
- Continuous updates — Collections are updated in real time as new threats are identified
Integration Options
TAXII 2.1 (Recommended for SIEM/TIP)
The most common integration method. Configure your SIEM, threat intelligence platform (TIP), or SOAR to poll ThreatBolt collections on a scheduled basis using the TAXII 2.1 protocol.
REST API
Pull IOC data programmatically using the ThreatBolt API. Suitable for custom integrations, scripts, and applications.
Supported Integrations
ThreatBolt intelligence can be ingested by any system that supports TAXII 2.1 or REST APIs, including:
- SIEMs — Splunk, Microsoft Sentinel, IBM QRadar, Elastic SIEM
- Threat Intelligence Platforms — OpenCTI, MISP, ThreatConnect, Anomali
- SOAR Platforms — Palo Alto XSOAR, Splunk SOAR, IBM Resilient
- Firewalls & EDR — Any system with API-based IOC blocking lists
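The following is an added example, not CyberXTron code: a sketch of turning STIX 2.1 indicator objects into per-type blocklists matching the four collection types above, dropping revoked or expired indicators before they reach a firewall or EDR. It assumes the feed delivers `indicator` objects with single-comparison `stix` patterns; the function names, sample bundle, and all values in it are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# One bracketed equality test, e.g. [ipv4-addr:value = '198.51.100.7']
_SIMPLE = re.compile(r"\[\s*([a-z0-9-]+):([\w.'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*\]")
_KINDS = {"ipv4-addr": "ip", "ipv6-addr": "ip", "domain-name": "domain",
          "url": "url", "file": "hash"}

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def extract_iocs(bundle, now=None):
    """Return (iocs, skipped_ids): active indicator values by kind, plus unparsed ids."""
    now = now or datetime.now(timezone.utc)
    iocs = {kind: set() for kind in set(_KINDS.values())}
    skipped = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        # Withdrawn or expired indicators must not reach a blocklist.
        if obj.get("revoked") or ("valid_until" in obj and _ts(obj["valid_until"]) <= now):
            continue
        m = _SIMPLE.fullmatch(obj.get("pattern", "").strip())
        kind = _KINDS.get(m.group(1)) if m and obj.get("pattern_type") == "stix" else None
        path_ok = m and (m.group(2).startswith("hashes.") if kind == "hash" else m.group(2) == "value")
        if not kind or not path_ok:
            skipped.append(obj.get("id"))  # compound or unknown pattern: review by hand
            continue
        value = m.group(3).replace("\\'", "'").replace("\\\\", "\\")
        iocs[kind].add(value.lower() if kind in ("domain", "hash") else value)
    return iocs, skipped

def _ind(n, pattern, **extra):  # builds one constructed indicator object
    return {"type": "indicator", "id": f"indicator--{n}", "pattern_type": "stix",
            "pattern": pattern, "valid_from": "2024-01-01T00:00:00Z", **extra}

# Constructed sample bundle (documentation-range addresses, made-up hash and ids).
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE = {"type": "bundle", "id": "bundle--sample", "objects": [
    _ind(1, "[ipv4-addr:value = '198.51.100.7']"),
    _ind(2, "[domain-name:value = 'Bad.Example.TEST']"),
    _ind(3, "[url:value = 'http://example.test/x']", revoked=True),
    _ind(4, "[file:hashes.'SHA-256' = '" + "AB" * 32 + "']"),
    _ind(5, "[ipv6-addr:value = '2001:db8::1']", valid_until="2024-06-01T00:00:00Z"),
    _ind(6, "[ipv4-addr:value = '203.0.113.9' AND domain-name:value = 'x.example.test']"),
]}

if __name__ == "__main__":
    print(extract_iocs(SAMPLE, SAMPLE_NOW))
```

Compound patterns are reported rather than split, because blocking one half of an `AND` expression would block something the indicator does not actually assert.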
Getting Access
ThreatBolt access credentials are provisioned by the CyberXTron team. To get started:
- Contact your CyberXTron account manager or reach out at support@cyberxtron.com
- Receive your TAXII user credentials and/or API key
- Configure your integration using the guides below
TAXII credentials and API keys are shared separately by the CyberXTron team and are not self-service at this time.