Ok, but I see other major leading security vendors (not mentioning names here) already doing this where you can use TAXII server feeds to "import" this shared intelligence and enforce it on your product. I also found vulnerability scanners supporting STIX format as well.
I think F5 development should also focus on this and see how to embed this feature, for example with F5 AFM / IP intelligence to support the STIX format and read intel. AFM IP intelligence already supports external feeds but not STIX format I believe. It would also be interesting to do the same for ASM file uploads feature to detect malicious malware hash (information which is publicly available). For SWG / SSL Orchestrator URL filtering to detect malicious IP/domains, just to name a few.
https://www.sdxcentral.com/articles/news/long-awaited-stix-taxii-cyberthreat-sharing-standards-approved/2021/07/
Interesting project that integrates with third party.
https://docs.sekoia.io/cti/features/integrations/taxii/
I see this as a very strong standard which allows end users to combine several intelligence feeds/sources and have a similar security posture regardless of the security technology used.
This is indeed not an easy question but perhaps something for the F5 security architect to investigate, which I would find interesting in that position (perhaps Heath Parrot could have a look or someone from his team).
Oppertunities come with great ideas 🙂 NEXT PM not sure what that means but will inform my local F5 contacts about this.
Cirrocumulus
