Threat intelligence is curated information about an existing or emerging cyberthreat that can be distributed for the purpose of improving defenses against a specific attack. Going beyond IP addresses, hashes, and other core threat identifiers, threat intelligence provides critical context around a threat activity, including indicators of compromise (IoC), indicators of attack (IoA), the tactics employed, and, potentially, the motivation and identity of the adversary.

Through leadership within the threat intelligence sharing community and by developing technologies that more easily share and use threat intelligence, we help customers better identify and stop attacks.

Cyber Threat Alliance

Leading cybersecurity solution providers, including McAfee, have come together to share threat intelligence on advanced attacks, their motivations, and the tactics of the malicious actors behind them.

Learn More

Our Technologies

Threat intelligence sharing standards & government initiatives


TAXII™, the Trusted Automated eXchange of Indicator Information

A set of services and message exchanges, enabling automated and secure sharing of cyberthreat information.


STIX™, the Structured Threat Information eXpression

A structured exchange format used to convey specific cyberthreat information.


CybOX™, the Cyber Observable eXpression

A language for encoding “cyber observables,” providing a standardized representation of facts in the cyberdomain.


Government Initiatives

U.S. Cybersecurity Information Sharing Act of 2015 (S.754)

A U.S. federal government law that allows for the sharing of threat intelligence information.

U.S. Cybersecurity Information Sharing Act

U.S. Executive Order 13691—Commission on Enhancing National Cybersecurity

A U.S. presidential executive order forming a commission chartered to make recommendations to strengthen cybersecurity.

U.S. Executive Order

Information Sharing and Analysis Organization (ISAO) Standards Organization

Chartered to identify a common set of voluntary standards or guidelines for the creation and functioning of ISAOs, leading to more consistent sharing alliances.


US-CERT—Automated Indicator Sharing (AIS) Tool

Enables the exchange of cyberthreat indicators between the U.S. federal government and the private sector at machine speed.

AIS Tool