The Trusted Automated eXchange of Indicator Information (TAXII) defines protocols for securely exchanging threat intelligence, enabling near real-time detection, prevention and mitigation of threats. The protocol supports two sharing models:

  • Collection: Threat intel is collected and hosted by a producer and provided to users upon request through a request-response model.

  • Channel: Threat intel is pushed to users from a central server through a publish-subscribe model.
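
The Collection model's request-response loop, sketched as an added example (not code from the original page or from the TAXII project). It assumes the TAXII 2.1 envelope fields `more`, `next` and `objects` and the `application/taxii+json;version=2.1` media type, which the page does not spell out; `fetch`, `fake_fetch`, the `taxii.example` host and the sample indicators are hypothetical, constructed stand-ins so the block runs offline.

```python
from urllib.parse import urlencode

TAXII_ACCEPT = "application/taxii+json;version=2.1"  # TAXII 2.1 media type


def poll_collection(fetch, api_root, collection_id, added_after=None, limit=2):
    """Pull every object from one collection, following envelope pagination.

    `fetch(url, headers)` is a hypothetical transport hook returning the decoded
    JSON envelope; in production it would be an authenticated HTTPS GET.
    """
    base = f"{api_root}/collections/{collection_id}/objects/"
    params = {"limit": limit}
    if added_after:
        params["added_after"] = added_after  # only intel newer than the last poll
    objects, seen_cursors = [], set()
    while True:
        envelope = fetch(f"{base}?{urlencode(params)}", {"Accept": TAXII_ACCEPT})
        objects.extend(envelope.get("objects", []))
        cursor = envelope.get("next")
        if not envelope.get("more") or cursor is None:
            return objects
        if cursor in seen_cursors:  # a server replaying a cursor would loop forever
            raise RuntimeError("TAXII server repeated pagination cursor")
        seen_cursors.add(cursor)
        params["next"] = cursor


# Constructed sample data standing in for a producer's hosted collection.
SAMPLE_OBJECTS = [
    {"type": "indicator", "id": f"indicator--{i:08d}-0000-4000-8000-000000000000"}
    for i in range(5)
]


def fake_fetch(url, headers):
    """Constructed in-memory server: pages SAMPLE_OBJECTS by `limit` and `next`."""
    query = dict(p.split("=", 1) for p in url.split("?", 1)[1].split("&"))
    start, limit = int(query.get("next", 0)), int(query["limit"])
    page = SAMPLE_OBJECTS[start:start + limit]
    end = start + len(page)
    envelope = {"more": end < len(SAMPLE_OBJECTS), "objects": page}
    if envelope["more"]:
        envelope["next"] = str(end)
    return envelope
```

Every object reaches the user only because the user asked for it, one page per request; in the Channel model the server would deliver the same objects to subscribers without a poll.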