FS-ISAC is an intelligence sharing community for financial services organizations. FS-ISAC provides feeds to their members containing intelligence surrounding threats targeting their industry. The FS-ISAC CDF enables the automatic ingestion of FS-ISAC feeds into ThreatQ. This integration acts as a TAXII client, fetching data from FS-ISAC’s TAXII server based on a user-configured collection, parsing the intelligence, and ingesting it into ThreatQ. This feed adds additional features on top of ThreatQ’s basic TAXII client functionality including, but not limited to, parsing object relationships out of STIX labels.

The integration provides the following feed:

• FS-ISAC - ingests intelligence from the FS-ISAC TAXII server.

The integration ingests the following system objects:

• Adversaries
• Attack Pattern
• Campaign
• Course Of Action
• Event
• Exploit Target
• Identity
• Incident
• Indicators
• Intrusion Set
• Malware
• Report
• Signatures
• Tools
• TTP