As Digital Transformation accelerates, both public and private organizations increasingly rely on online systems, applications, and digital infrastructure. This has made cyber threats more sophisticated and continuously evolving. Adversaries often pursue financial gain, unauthorized access to sensitive information, and attacks on critical national infrastructure.
Thailand Cyber Threat Intelligence (TCTI)
Threat Intelligence has therefore become a key mechanism to strengthen cyber defense—especially intelligence that is high quality, verifiable, and shared rapidly. The National Cyber Security Agency (NCSA) has developed Thailand Cyber Threat Intelligence (TCTI) as a national hub for sharing cyber threat intelligence.
National Collaboration (Participating Network)
About TCTI
TCTI is built on the open-source MISP community platform and tailored to Thailand’s national context for sharing cyber threat intelligence.
Collect & Analyze
Aggregate, enrich, and store Cyber Threat Intelligence with actionable context.
Share IoCs (TLP-aligned)
Exchange IoCs (IP/Domain/URL/Hash) with clear handling rules and trust labels.
Threat Correlation
Link related threats, campaigns, malware, and infrastructure to reveal patterns.
Intelligent Response
Accelerate incident response with intelligence-driven workflows and recommendations.
Automation-ready Integrations
Integrate feeds/APIs with Firewall, SIEM, EDR, and SOAR to close the time gap.
Quality & Traceability
Promote verified data, provenance, and attribution to reduce noise and increase confidence.
Use Cases
Examples of integrating TCTI with security systems (Firewall / Wazuh) to improve detection speed and support intelligence-driven response.
Integrate TCTI with FortiGate External Feeds to consume IoCs (IP/Domain/URL/Hash) in near real time. This reduces time gaps, improves proactive blocking and detection, and strengthens network defense with intelligence-driven protection.
Connect Wazuh with TCTI for threat intelligence correlation (e.g., checking new endpoint file hashes against TCTI indicators). When a match is found, the system can automatically generate alerts—improving detection speed and supporting incident response.
NCSA Supports the Sustainable Development Goals
Proactive defense • Reduced time gaps • Trusted collaboration
SDG 9.1 — Standards-based Digital Infrastructure
A resilient, standards-based platform enabling scalable cyber threat intelligence and stronger national digital security.
SDG 17.6 — Global Cybersecurity Collaboration
Through international cooperation mechanisms, the platform connects with more than 766 incident response organizations across over 100 countries, enabling trusted intelligence sharing and strengthening collective cyber defense capabilities at the global level.
SDG 10.3 — Inclusive Cybersecurity and Digital Equity
Open-source and Sectoral CERT collaboration reduce costs, expand access, and strengthen collective defense against cyber threats.
Contact the TCTI Team
News & Activities
Latest announcements, events, and collaboration highlights from TCTI.
Support the public health sector in integrating with the TCTI platform
Provide support to the public health sector to connect TCTI with Health-CERT, including knowledge transfer to enable real-world operational use, which has...
Contact TCTI Team
For onboarding or coordination, please contact the TCTI team via official channels.