<img src="https://ws.zoominfo.com/pixel/cEO5AncHScwpt6EaX0mY" width="1" height="1" style="display: none;">
Skip to main content

Cyber Threat Intelligence Router

Leverage the power of STIX2.1/TAXII2.1 to create, publish, subscribe, and route Cyber Threat Intelligence.

CTIR-Dotted Line

Who Can Benefit from a
Cyber Threat Intelligence Router?

Companies creating, consuming, and/or sharing Cyber Threat Intelligence (CTI) need a Cyber Threat Intelligence Router. Celerium’s solution is an interoperable and vendor-agnostic tool for authoring, aggregating, subscribing, and publishing CTI. It integrates with security applications and devices such as next generation firewalls (NGFW) and Security Information and Event Management (SIEM) software. It’s a flexible and scalable way to wrangle big data, de-duplicate, correlate, securely re-share, and action the intelligence.


Author / Publisher

Threat analysts create intelligence that is pushed to subscribers who act on the intelligence.



Aggregate CTI from various sources into a common STIX 1.x or STIX 2.1 format.



Machine-to-machine intelligence sharing via a publish-and- subscribe system. Connect a SIEM or STIX/TAXII- capable next generation firewall.

CTIR-Hub & Spoke

Hub & Spoke

ISACs and ISAOs aggregate, optionally anonymize, and re-distribute CTI to member organizations. This model is also used for enterprises with suppliers, subcontractors, and dealer networks.


STIX/TAXII 2.1 compliance and support. Author content that adheres to the OASIS specifications.

Easily create feeds or connect to open-source threat intelligence (incuding DHS AIS and Celerium’s PickUpSTIX feeds) and paid threat intelligence.

Integrate with tools in your existing security stack via the REST API.

The upload feature provides a quick and easy way to get data into the system.

Secure solution with access control measures. The tool can also be air-gapped for more security.

Support for various file formats:
STIX 1.1.1, 1.2, 2.1, XML, MAEC, CSV, YARA, JSON, CYBOX, Email.


Leverage Celerium’s PickUpSTIX feeds to bring in threat intelligence.

How Are Companies Using Celerium’s
Cyber Threat Intelligence Router?


Author / Publish

Leverage the STIX standard to create CTI with “Builders”, a Web User Interface for creating STIX 1.x or STIX 2.1. Build a community to share CTI and improve collective security.

Leverage the STIX 1.x/2.1 standards as a common language to improve understanding and streamline daily processes.



Retrieve CTI from other sources, add access control measures, and create feeds to forward to other security infrastructure.

Subscribe to CTI for internal security processes and workflows.

CTIR-Control Access

Control Access

Enforce filtering and access control for Traffic Light Protocol (TLP), Handling Caveats, and Information Sharing Architecture (ISA) Access Control Specification (ACS).

Filter CTI on the system with a blend of automation and manual mechanisms and then push other tools.