Other Ways to Connect to the Automated Indicator Sharing (AIS): ISACs, ISAOs, Threat Providers

Instead of interacting directly with CISA, you can also share and receive AIS cyber threat indicators and defensive measures through a participating ISAC or ISAO or via an AIS-integrated commercial product or service.

Customers are required to sign an AIS Terms of Use Agreement if they want to receive data designated with distribution limitation “TLP: Amber.” Visit the Traffic Light Protocol (TLP) page for further information.

CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

Commercial providers offer AIS data to existing subscribers at no extra cost:

• Anomali
• Infoblox
• Looking Glass
• Perch Security
• ThreatConnect
• ThreatQuotient
• Sumo Logic
• Centripetal Networks
• Recorded Future
• Trustar/Splunk
• Reliaquest
• ThreatSTOP
• Celerium
• Rapid7
• Cyware
• Seceon
   

ISACS/ISAOs also offer AIS data to existing members via ISAC/ISAO provided automated data connections**:

• Health ISAC (H-ISAC)
• Multi-State ISAC (MS-ISAC)
• Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)
• Water ISAC (W-ISAC)
• Financial Services ISAC (FS-ISAC)
• Information Technology ISAC (IT-ISAC)
• Research Education Networking ISAC (REN-ISAC)
• Retail and Hospitality ISAC (RH-ISAC)
• Maritime Transportation System ISAC (MTS-ISAC)
• Downstream Natural Gas ISAC (DNG-ISAC)
• Oil and Natural Gas ISAC (ONG-ISAC)
• Space Information Sharing and Analysis Center (S-ISAC)
• Media and Entertainment ISAC (ME-ISAC)
• Automotive ISAC (Auto-ISAC)
• Public Safety Threat Alliance (PSTA) (Public Safety ISAO)

**Other ISACS do receive AIS data but might not offer a member CTI feed connection and therefore do not distribute AIS data.