National Cyber Threat Intelligence Sharing Hub
As digital transformation accelerates, both public and private organisations increasingly rely on online systems, applications, and digital infrastructure. This shift has made cyber threats more complex and continuously evolving, with malicious actors focusing on financial gain, unauthorised access to sensitive information, and attacks against nationally critical infrastructure.
Threat Intelligence has therefore become a key mechanism for strengthening cyber defence—especially intelligence that is high quality, verifiable, and delivered rapidly. The National Cyber Security Agency (NCSA) has developed Thailand Cyber Threat Intelligence (TCTI) as a national platform for sharing cyber threat intelligence (the National Threat Intelligence Hub).
Figures updated from the TCTI system
Technical data for detection and response
OVERVIEW About TCTI & Key Objectives
CTI • IoC • TLPAbout About TCTI
TCTI is built on the open-source (Open Source) MISP community software and adapted to fit the context of national-level cyber threat intelligence sharing.
- ✓Collect, analyse, and store Cyber Threat Intelligence
- ✓Share Indicators of Compromise (IoCs)
- ✓Analyse threat relationships (Threat Correlation)
- ✓Support incident response with Intelligent Response
Objectives Key Objectives
Enhance capabilities for collecting, analysing, and sharing threat intelligence to handle increasing volumes of data and deliver effective proactive alerts.
- •Enhance national efficiency in collecting and analysing cyber threat intelligence
- •Integrate Threat Intelligence from multiple domestic and international sources
- •Establish proactive threat alerting
- •Strengthen operations of Sectoral CERTs and critical infrastructure organisations
- •Support the development of a cyber threat intelligence ecosystem
National Collaboration (Participating Network)
CAPABILITIES Platform Capabilities
Operational-ready🔎 Threat Intelligence Sharing
Share IoCs such as IPs, domains, URLs, hashes, and malware indicators to strengthen proactive detection.
⚡ Proactive Threat Detection
Provide alerts on threats likely to affect Thailand so organisations can prepare in time.
🔗 Threat Correlation & Analysis
Analyse relationships across events to identify attack patterns, reduce investigation time, and improve accuracy.
🤝 Trusted Collaboration (TLP)
Share information under the Traffic Light Protocol (TLP) standard to control access and build mutual trust.
🔄 Automation Ready
Support integration with SOC tools, SIEM, firewalls, and automation systems to operationalise threat intelligence.
Join the TCTI Network
Strengthen cyber threat intelligence collaboration and enhance national-level cyber defence.
BENEFITS Benefits for Participating Organizations
- ✅Reduce time spent validating and understanding threats with a searchable intelligence repository
- ✅Enable faster response through proactive alerts and actionable technical indicators
- ✅Build trusted, standards-based collaboration by sharing information according to TLP levels
- ✅Integrate with existing security tools (e.g., SIEM / Firewall / SOC) to improve defensive effectiveness
- ✅Improve IoC quality and correlation analysis to prevent recurrence and strengthen overall security posture
TRUST Security & Trust
The platform is designed to support information sharing without exposing organisations' sensitive data, building trust in exchange while adopting international standards such as the Traffic Light Protocol (TLP).
FUTURE Future Direction
NCSA focuses on developing high-quality IoCs, expanding the collaboration network, and evolving the system architecture for future growth (Scalable Architecture). The platform can be used without software licensing fees (License Fee) to sustainably strengthen national cyber threat intelligence capabilities.
