Thailand CERTs Community (TH-CC)

National Threat Intelligence Hub TCTI — National Cyber Threat Intelligence Sharing Platform

National Cyber Threat Intelligence Sharing Hub

As digital transformation accelerates, both public and private organisations increasingly rely on online systems, applications, and digital infrastructure. This shift has made cyber threats more complex and continuously evolving, with malicious actors focusing on financial gain, unauthorised access to sensitive information, and attacks against nationally critical infrastructure.

Threat Intelligence has therefore become a key mechanism for strengthening cyber defence—especially intelligence that is high quality, verifiable, and delivered rapidly. The National Cyber Security Agency (NCSA) has developed Thailand Cyber Threat Intelligence (TCTI) as a national platform for sharing cyber threat intelligence (the National Threat Intelligence Hub).

Events
0

Figures updated from the TCTI system

Attributes
0

Technical data for detection and response

OVERVIEW About TCTI & Key Objectives

CTI • IoC • TLP

About About TCTI

TCTI is built on the open-source (Open Source) MISP community software and adapted to fit the context of national-level cyber threat intelligence sharing.

  • Collect, analyse, and store Cyber Threat Intelligence
  • Share Indicators of Compromise (IoCs)
  • Analyse threat relationships (Threat Correlation)
  • Support incident response with Intelligent Response

Objectives Key Objectives

Enhance capabilities for collecting, analysing, and sharing threat intelligence to handle increasing volumes of data and deliver effective proactive alerts.

  • Enhance national efficiency in collecting and analysing cyber threat intelligence
  • Integrate Threat Intelligence from multiple domestic and international sources
  • Establish proactive threat alerting
  • Strengthen operations of Sectoral CERTs and critical infrastructure organisations
  • Support the development of a cyber threat intelligence ecosystem

National Collaboration (Participating Network)

Participating organisations in the TCTI network

CAPABILITIES Platform Capabilities

Operational-ready

🔎 Threat Intelligence Sharing

Share IoCs such as IPs, domains, URLs, hashes, and malware indicators to strengthen proactive detection.

⚡ Proactive Threat Detection

Provide alerts on threats likely to affect Thailand so organisations can prepare in time.

🔗 Threat Correlation & Analysis

Analyse relationships across events to identify attack patterns, reduce investigation time, and improve accuracy.

🤝 Trusted Collaboration (TLP)

Share information under the Traffic Light Protocol (TLP) standard to control access and build mutual trust.

🔄 Automation Ready

Support integration with SOC tools, SIEM, firewalls, and automation systems to operationalise threat intelligence.

Join the TCTI Network

Strengthen cyber threat intelligence collaboration and enhance national-level cyber defence.

สมัครเข้าร่วมโครงการ →

BENEFITS Benefits for Participating Organizations

  • Reduce time spent validating and understanding threats with a searchable intelligence repository
  • Enable faster response through proactive alerts and actionable technical indicators
  • Build trusted, standards-based collaboration by sharing information according to TLP levels
  • Integrate with existing security tools (e.g., SIEM / Firewall / SOC) to improve defensive effectiveness
  • Improve IoC quality and correlation analysis to prevent recurrence and strengthen overall security posture

TRUST Security & Trust

The platform is designed to support information sharing without exposing organisations' sensitive data, building trust in exchange while adopting international standards such as the Traffic Light Protocol (TLP).

FUTURE Future Direction

NCSA focuses on developing high-quality IoCs, expanding the collaboration network, and evolving the system architecture for future growth (Scalable Architecture). The platform can be used without software licensing fees (License Fee) to sustainably strengthen national cyber threat intelligence capabilities.