New Jersey Cyber Threat Information eXchange (NJCTIX)
Automating Awareness of Cyber Threats
The State of New Jersey, via the New Jersey Cybersecurity and Communication Integration Cell (NJCCIC), engages in Automated Indicator Sharing (AIS) as a public service for our citizens, governments, and businesses. Utilizing Soltra Edge, an open-source intelligence automation platform, the NJCCIC shares vetted cyber threat information in real-time with its members. Users can consume the NJCTIX feed via a peer connection or access it from a web interface.
The NJCTIX feeds include Malware IPs, Suspicious/Malicious URLs, Malware Files, Malicious Domains, and Exploit/IP Observables. We consume cyber threat information from multiple sources, including State agencies, the federal government, and a variety of third-party providers. The NJCCIC’s dedicated correlation engine and proprietary detection rules reduces the burden of false positives for our customers.
How Does It Work?
Soltra Edge is a TAXII—Trusted Automated eXchange of Indicator Information—server, which acts as vehicle for tranporting cyber threat intelligence between trusted entities using the Structured Threat Information eXchange (STIX) and Cyber Observable eXpression (CybOX) formats.
To get started with your own TAXII server:
Create an account on the Soltra Forums website and download the Soltra Edge TAXII server.
Once your Soltra Edge server is operational, request credentials from the NJCCIC to automatically consume feeds from the NJCCIC Soltra Edge Discovery Service Location.
As an alternative to installing a TAXII server, members can also consume NJCCIC feeds with some simple client-side python scripting. Instructional information is available from Tripwire and libtaxii. Authorized users can also access the NCTIX User Interface.
Information Sharing is a Two-Way Street
Information sharing is most effective when it occurs in a bi-directional fashion. The NJCCIC is seeking trusted partners willing to share cyber threat information from their environment, which are then "whitewashed” by the NJCCIC’s vetting process and published for others to consume.
Maintaining the confidentially of our sources is our utmost priority and indicators shared with the NJCCIC are never attributable to the originating organization. Furthermore, entities that share cyber threat information with the NJCCIC in accordance with the Cybersecurity Act of 2015 enjoy the benefit of liability protections.
For more information, or assistance peering your Edge server, contact the NJCCIC at firstname.lastname@example.org.