Zedmos CTI
Curated Threat Intelligence

16 Integrations · One Feed Pipeline

Same curated IOC set, exported in whatever format your firewall, SIEM, or EDR expects. Pull every endpoint with the same bearer token; we sign every feed with ed25519 and tell you how many rows were filtered, so you can audit the chain.


Composite-score gating (across every format)

Every endpoint accepts ?min_score=N (0-100). Use it to ship only verified, high-signal IOCs:

# Full feed (default)
curl -H "Authorization: Bearer $TOKEN" \
  https://cti.zedmos.net/v1/feeds/security/phishing/fortinet.txt

# High-confidence only (composite ≥ 70) — fewer rows, near-zero FPs
curl -H "Authorization: Bearer $TOKEN" \
  "https://cti.zedmos.net/v1/feeds/security/phishing/fortinet.txt?min_score=70"

# Includes X-Tihub-Min-Score and X-Tihub-Row-Count headers for audit
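
The audit those two headers allow, as an added example (not Zedmos code): check that the server applied the min_score you asked for and that the advertised row count matches the body you received. It assumes X-Tihub-Row-Count is the number of rows returned and that a row is any non-blank, non-comment line; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Fetch step (needs network and $TOKEN, so it is left commented out):
#   curl -sS -D headers.txt -o feed.txt -H "Authorization: Bearer $TOKEN" \
#     "https://cti.zedmos.net/v1/feeds/security/phishing/fortinet.txt?min_score=70"

# header_value FILE NAME: print a header's value (names are case-insensitive).
header_value() {
  tr -d '\r' < "$1" | awk -F': *' -v want="$2" \
    'tolower($1) == tolower(want) { print $2; exit }'
}

# count_rows FILE: count indicator lines.
# Assumption: one indicator per line; blank lines and "#" comments are not rows.
count_rows() {
  tr -d '\r' < "$1" | awk '/^[ \t]*$/ || /^[ \t]*#/ { next } { n++ } END { print n + 0 }'
}

# audit_feed HEADERS BODY MIN_SCORE: return 0 only if the response matches the request.
audit_feed() {
  got_min=$(header_value "$1" "X-Tihub-Min-Score")
  got_rows=$(header_value "$1" "X-Tihub-Row-Count")
  real_rows=$(count_rows "$2")
  if [ -z "$got_min" ] || [ -z "$got_rows" ]; then
    echo "FAIL: audit headers missing" >&2; return 2
  fi
  if [ "$got_min" != "$3" ]; then
    echo "FAIL: asked for min_score=$3, server applied $got_min" >&2; return 3
  fi
  if [ "$got_rows" != "$real_rows" ]; then
    echo "FAIL: header says $got_rows rows, body has $real_rows" >&2; return 4
  fi
  echo "OK: $real_rows rows at min_score=$got_min"
}

# make_sample DIR: write constructed (not real) response headers and feed body.
make_sample() {
  printf 'HTTP/1.1 200 OK\r\nx-tihub-min-score: 70\r\nX-Tihub-Row-Count: 3\r\n\r\n' \
    > "$1/headers.txt"
  printf '# constructed sample\nphish-a.example\nphish-b.example\n\nphish-c.example\n' \
    > "$1/feed.txt"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_feed "$demo_dir/headers.txt" "$demo_dir/feed.txt" 70
rm -rf "$demo_dir"
```

Run the audit before loading the file into a firewall or SIEM, and treat a non-zero exit as a reason to keep the previous feed in place.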

Need another integration?

Drop us an email. STIX 2.1 / TAXII 2.1 already covers most TIPs (OpenCTI, MISP, ThreatConnect, ThreatQuotient). For everything else we can write a custom exporter in < 1 day.

Per-rule severity

Suricata rules carry priority:N and tihub_threat metadata derived from the composite score. CheckPoint and Sophos CSVs include their native severity columns. Vendor docs are in each export's X-Tihub-Vendor header.

MITRE-tagged Sigma

Sigma exports carry tags (attack.t1071.001, attack.command-and-control) mapped per category. Compile to Splunk SPL / Elastic / Sentinel via sigmac.
