Explore OpenCTI or OpenAEV platform with 30 days Free Trial!
XTM Hub by FiligranSign In
Ticura - AI-Native TI Feed logo

Ticura - AI-Native TI Feed

Vulnerability & Exploit Awareness
Infrastructure & Attack Surface Visibility
Cloud, Saas & Platform Security

Overview

Ticura delivers AI-native threat intelligence into OpenCTI via TAXII 2.1. Ticura's Unified Data Fabric aggregates, normalises & scores intel across hundreds of sources — publishing only validated, relevant data.

Threat intelligence teams face a paradox: more data than ever, yet less clarity on what actually matters to their organisation. Feeds proliferate, sources overlap, and analyst time is consumed not by analysis but by triage. Ticura was purpose-built to solve exactly this problem — and this integration brings that capability natively into OpenCTI.

What Ticura brings to your OpenCTI instance

Ticura's Unified Data Fabric ingests from hundreds of global threat intelligence sources spanning network telemetry, public cloud, SaaS, endpoint, identity, and darkweb. Before a single object reaches your OpenCTI environment, Ticura's AI and ML engine has already normalised it, cross-correlated it with other sources, assigned a source-effectiveness score, and stripped out what is redundant or unreliable. The result is a lean, high-fidelity STIX 2.1 feed that reflects the real threat landscape — not a firehose of indicators that degrades analyst confidence over time.

Intelligence that adapts to your environment

Unlike static commercial feeds, Ticura continuously re-evaluates its source portfolio based on observed effectiveness. Sources that generate noise or overlap with higher-quality alternatives are deprioritised automatically, meaning the feed delivered to your OpenCTI instance improves over time without any manual intervention. This dynamic optimisation is especially valuable in multi-source environments where redundancy is a hidden cost.

Full STIX 2.1 object coverage

The feed delivers the full breadth of STIX 2.1 objects that OpenCTI is designed to consume — not just indicators of compromise, but the threat context that makes them actionable: malware families, intrusion sets, campaigns, threat actors, attack patterns (MITRE ATT&CK-aligned), tools, and the relationships that connect them. SOC analysts, threat hunters, and CTI teams gain a graph of intelligence that supports investigation, not just blocking.

Built for SOCs, MSSPs, and enterprise CTI teams

Ticura is architected from the ground up for operational scale. MSSPs benefit from multi-tenant feed segmentation that ensures client environments receive appropriately scoped intelligence. Enterprise teams gain coverage across the full kill chain without the overhead of managing dozens of individual feed subscriptions. And because Ticura handles source curation, duplication, and quality scoring, lean CTI teams can punch well above their weight.

Deployment in minutes via XTM Hub

This feed is available as a one-click TAXII ingestion configuration through Filigran's XTM Hub. Download the configuration package, register your OpenCTI instance, and the feed is live. No custom connector development, no API wrangling — just intelligence flowing into the platform where your team already works.

Why Ticura on the Filigran Marketplace

  • AI-driven source optimisation — continuous quality scoring removes noise before it reaches OpenCTI
  • STIX 2.1 native — full object graph including TTPs, actors, campaigns, and relationships
  • Darkweb and breach monitoring indicators included out of the box
  • MSSP-ready with multi-tenant feed management
  • Vendor-independent — objective intelligence not anchored to any single vendor's telemetry
  • Deployed and operational in minutes via XTM Hub one-click configuration

Basic information

Filigran
Romain Guignard
TAXII Feeds
May 21, 2026
10+
0

    We use cookies to make the XTM Hub work, understand how it's used, and improve your experience. Strictly necessary cookies are always on. With your consent, we also use optional cookies for functionality, performance and analytics, and marketing. You can accept all, reject all, or choose which optional cookies to allow. You can change your preferences at any time via "Cookie settings". See our Cookie Policy for more information.