arrow leftAll products Discover the NODEarrow right
product icon

Arctic HUB

Automate your cyber threat intelligence cycle

Watch video
Threat Intelligence Cycle Collection Processing Exploitation Analysis Production Dissemination Feedback arrow left arrow right

Threat Intelligence Cycle

Arctic Hub enables you to automate your cyber threat intelligence cycle where raw threat data is turned into actionable threat intelligence. This ensures you get the threat information collected, harmonized and disseminated in a timely and effective manner. Read further to learn 7 steps for a modern cyber threat intelligence cycle and how Arctic Hub can help you implement them.



Cyber threat intelligence cycle starts with collecting threat data from a variety of threat indicator sources. In Arctic Hub you can configure all of these feeds and their properties.



Once you have collected the threat data you should harmonize the attributes into a unified language to create rules for the automation. When you call the same things by the same name and keep disparate things separate you turn the collected threat indicator data into threat information. Arctic Hub does all of this automatically for you.



Exploitation means a phase in the cyber threat intelligence cycle where data is enriched with additional information. In Arctic Hub, the threat data is matched against your customer configuration that enables later sharing the unique customer specific threat intelligence packages. Also, customer information as well as network and geolocation related attributes are augmented to the original data set in this phase. To get Arctic Hub do all of this for you automatically you first need to configure your customers by defining their internet presence.



In the analysis phase the data is broken into smaller parts to gain a better understanding of it. In Arctic Hub, threat information is matched against custom labeling rules in this phase. Moreover, custom tags are added in the data.



After analysis the threat intelligence packages are produced to be shared for the correct customers. Arctic Hub can do all of this automatically for you once you have configured the sharing parameters. You can select what kind of packages you want to create and which packages to share to which customers. Also, for each package you can choose if you want to share that via an email report or a direct API access.



One of the most important phases in the threat intelligence cycle is to share the threat intelligence to the correct recipients. Once all the previous steps have been configured correctly in Arctic Hub no other actions are needed from you for the dissemination. Arctic Hub shares all the customer specific threat intelligence packages automatically for you.



Feedback helps you understand how the shared threat intelligence affects your stakeholders. With Arctic Hub you can see who of your customers access the information and when they are doing that.

Threat Intelligence Cycle Collection Processing Exploitation Analysis Production Dissemination Feedback

Key Features


Automate intelligence sharing to your customers

Arctic Hub maps automatically the threat data to your customers based on their internet presence. You can also specify in a very detailed level on which kind of threat intelligence packages you want to send to each customer. Thus, your customers will get only the threat intelligence data that is valid for them. You can choose to share these via email reports or direct API access. This way your customers get the right information fast and can fix their issues quickly.


Harmonize the data 

Arctic Hub harmonizes the incoming data for you automatically. Thus, you can choose to use various different sources for your threat intelligence. Arctic Hub makes sure the data is harmonized in a way that it can be further analyzed, processed and mapped to the right customers.


Get situational awareness

Arctic Hub dashboard shows you real-time information on the threats your customers have faced. You can also see how the threat data has been divided by different factors such as type of customers, geographical area, type of malware or observation time. This gives you situational awareness of your defense cell. Better situational awareness helps you set up KPIs to follow up how your cyber security has improved over time.


Get feedback on how your customers use the data

Arctic Hub shows you who of your customers have accessed the threat intelligence packages you have sent to them and when they have done that. This helps you understand how effective your threat intelligence sharing is and if your customers find it useful.


Control your threat intelligence

Arctic Hub can collect raw threat data from various threat feed providers. There are around 100 integrations to both commercial and open source threat feeds available out-of-the-box in Arctic Hub. You are in control to choose which of them you want to activate in your use.

Here are some of the examples of the integrations that are available in Arctic Hub out-of-the-box:

Use cases for Arctic Hub

Contact us

Fill in the below form if you want to have a chat with us. You can also mail us at or call us at +358 20 743 0010.

Subscribe to Arctic Security newsletter I accept the Arctic Security privacy policy
Submit Please fill missing fields
product icon

Arctic Node

Arctic Node collects the cyber threat intelligence from Arctic Hub or other relevant sources and helps you become more resilient in cyber security.

Discover the Arctic Node
Arctic Node