The Cyber Threat
Sharing Platform

CatchProbe’s ThreatWay platform provides threat intelligence data collected from multiple sources and enables you to share them with your inter- and intra-organizations.

Catchprobe ThreatWay

The Cyber Threat Sharing Platforms;

  • TAXII, STIX & CyBox Relationship
  • SIEM and Log management integration
  • Alerts and Reporting
split Images

CatchProbe ThreatWay Platform

A ready-made environment for actionable cyber intelligence providing auto-response features

The CatchProbe ThreatWay platform can deliver data from more than 100 different sources in real time. Data is obtained from these sources with API support or crawling processes. Source-independent threat information supplies can be edited and processed. The number of resources is designed to be increased according to customer requirements.

The CatchProbe ThreatWay platform normalizes data from different sources. Uniform data easily becomes available for distribution. Data translated into JSON and STIX types can be shared with or between institutions in milliseconds with the TAXII protocol.

The platform enriches the threat intelligence data it receives and stores it in its own database. This allows for the identification of IP and URL-based threats. CatchProbe’s database includes IP addresses, locations, service providers and other components like domain names (Domain), WHOIS records, DNS records (MX, CNAME, A, etc.) and many more.

split Images

Cyber intelligence research with CatchProbe empowers your analysis by

automatically enriching the information acquired from hundreds of sources and helping you better understand threats.

The Catchprobe ThreatWay platform structures data so you can match information about all threats registered in the database. When the platform identifies similar threat data from an attacker from different threats obtained on different dates, it easily cross-references these relationships for analysts, adding strength to their cyber intelligence research.

ThreatWay’s intelligence pool can be created within organizations according to the requests of the authorized unit. It is also possible for associated organizations to share intelligence data with each other. Units that are part of the same organization continue to benefit from CatchProbe Threatway's data sources while sharing threat intelligence internally without interruption.

split Images

split Images

CatchProbe’s ThreatWay Module

relieves you of the stress of having to track threats.

Catchprobe’s ThreatWay Platform has multiple visualization interfaces. These interfaces make it is possible to conduct research on collected intelligence data.

A. Phishing Activities Tracking Module

The Catchprobe ThreatWay platform's phishing monitoring module tracks phishing attacks worldwide in real time. Thanks to this module, domain names used in attacks and new methods of phishing attacks are easily followed. All data about the domains used in the attack is enriched.

B. Newly Registered Domain Names Identification Module

Catchprobe Threatway platform's newly registered domain names tracking module tracks all newly purchased domain names. The module generates alerts for potential domain names useable in phishing attacks. All registration information about the domains is stored in the database and can be cross-referenced with the original records if future domain name changes occur.

C. DoS/DDoS Attack Tracking List

The Catchprobe ThreatWay platform visualizes and enriches global DoS/DDoS attacks through existing platform resources. Global and local investigation are possible as attack details can be accessed through to the interface.

split Images

split Images

TAXII, STIX & CybOX Relationships

cover all threats with TAXII/STIX or REST API.

The CatchProbe ThreatWay platform uses the TAXII protocol, the global standard for exchanging of intelligence information. TAXII (Trusted Automated Exchange of Indicator Information) is an open transport mechanism that standardizes the automatic exchange of cyber threat information. TAXII enables you to share threats with your chosen partners while strengthening existing relationships and systems between organizations.


In-Depth Analysis and Intelligence Collection

Structured Threat Information Expression (STIX) is a structured language for defining cyber threat data that allows data to be shared, stored, and analyzed in a consistent manner. The STIX framework covers the full range of potential cyber threat data elements and strives to be descriptive, flexible, - automated, and human-readable. This is the CatchProbe Threatway platform’s standard for sharing threat intelligence.


In-Depth Analysis and Intelligence Collection

CybOX a standard scheme for the identification, capture, characterization and communication of events or situational features that are observable in all system and network operations. It includes elements such as event management / logging, malware characterization, intrusion detection / prevention, incident response and digital forensics. CybOX aims to provide common structure and content types for cyber analysts in a wide range of use cases to improve consistency and interoperability. Standardization is provided using CybOX schema within the platform.

SIEM And Log Management Integration

In-Depth Analysis and Intelligence Collection

In order to achieve successful SIEM integration scenarios and other log management tools with the CatchProbe ThreatWay platform, some conditions must be met. The most important requirement is that relevant systems have an API that can talk to the TAXII protocol or platform. In both cases, the ThreatWay platform can efficiently share collected data.

Alerts And Reporting

In-Depth Analysis and Intelligence Collection

Alert generation and reporting are another important feature of the system. In addition to numerical reports, such as how much data comes from which source on the system's landing interface, how much threat intelligence is shared in total, as well as other customized reports, it is possible to automatically retrieve information from the system.