Intel Fusion
by Progredi Systems
Request Demo

Platform

Threat intelligence sources

A cyber threat intelligence portfolio is the sum of its sources. Intel Fusion ships with 45+ pre-loaded sources across three operational tiers — Publicly Available Information, Commercially Available Information, and Government — and supports extending the catalog with your own.

A taxonomy that matches how analysts work

Intel Fusion organizes sources by acquisition tier because acquisition tier is the first distinction analysts make in practice. Publicly Available Information (PAI) is open-source intelligence: feeds you can collect at zero marginal cost, often with broad coverage but variable fidelity. Commercially Available Information (CAI) is paid threat intelligence: curated feeds with vendor-managed enrichment and a contractual quality bar. Government sources are sharing-program feeds with sector specialization, often delivered through ISAC, ISAO, or sector-specific channels.

Treating these as distinct tiers, rather than collapsing them into one inventory, matters for two reasons. Rationalization decisions interact with cost — you do not drop a $0 PAI feed for the same reason you drop a $120K commercial feed. And the intelligence sharing posture is different — a government-derived indicator may carry handling caveats that a PAI indicator does not.

What ships with Intel Fusion

The 45+ pre-loaded sources represent the most widely used feeds across the industry. They span major commercial threat intelligence platforms, well-known OSINT repositories, and government-sponsored sharing programs. Each source carries metadata that the rest of the platform uses: indicator volume, refresh cadence, coverage claims against MITRE ATT&CK®, license terms, and acquisition cost. This metadata is the substrate for overlap analysis and coverage mapping.

Extending the catalog

Most organizations carry sources Intel Fusion does not pre-load — internal feeds, sector-specific subscriptions, or partner intelligence. The catalog supports adding custom sources with the same metadata schema, including ATT&CK coverage claims and indicator characteristics. Once registered, custom sources participate in overlap analysis and coverage mapping alongside the pre-loaded catalog. There is no "second-class" source in Intel Fusion's data model.

Source quality dimensions

Intel Fusion evaluates source quality across several dimensions beyond pure coverage:

  • Fidelity. How often indicators are confirmed by independent sources.
  • Timeliness. Median age of indicators relative to the observed activity.
  • Specificity. Whether intelligence is attributed to identifiable adversaries or generic.
  • Actionability. Whether indicators are ready for SIEM ingest or require enrichment.
  • License compatibility. Whether intelligence can be redistributed inside the organization or to partners.

These dimensions feed into overlap interpretation. Two feeds that "overlap by 80% on indicators" but diverge on timeliness are not the same kind of redundancy as two feeds that overlap on both.

Related

Bring your CTI sources into a portfolio view.

Request a demo to see your sources mapped against the Intel Fusion catalog with overlap and coverage attached.

Request DemoLaunch Analysis