# SOC Defenders: Threat Intelligence Platform Overview

> SOC Defenders aggregates cybersecurity news and IOCs from 30+ sources. Learn what the platform offers and how to get started as a customer.

SOC Defenders is a threat intelligence platform built for SOC analysts, security engineers, and security operations teams. It continuously aggregates cybersecurity news, indicators of compromise (IOCs), and CVE data from more than 30 sources, then delivers that intelligence through a filterable web feed, a REST API, and a TAXII 2.1 server — so you can enrich your investigations, feed your SIEM, and stay ahead of active threats without stitching together dozens of individual feeds yourself.

<CardGroup cols={2}>
  <Card title="Platform" icon="shield-halved" href="/platform/news-feed">
    Explore the threat news feed, IOC lookup, CVE database, and industry threat view.
  </Card>

  <Card title="API Reference" icon="code" href="/api-reference/overview">
    Full reference for every endpoint — IOCs, articles, STIX, TAXII, and more.
  </Card>

  <Card title="Integrations" icon="plug" href="/integrations/siem-overview">
    Connect SOC Defenders to Splunk, Microsoft Sentinel, Elastic, and more.
  </Card>

  <Card title="Export Formats" icon="file-export" href="/formats/overview">
    STIX 2.1, TAXII 2.1, MISP, CEF/Syslog, OpenIOC, Sigma rules, JSON, and CSV.
  </Card>
</CardGroup>

## What the platform provides

**Threat news feed** — A continuously updated feed of cybersecurity articles aggregated from 30+ sources. You can filter by category (attacks and breaches, malware, vulnerabilities, and more), severity, industry sector, MITRE ATT&CK technique, threat actor, and technology. Articles are enriched with extracted IOCs, CVEs, and MITRE technique mappings so you can pivot from a news item directly into an investigation.

**IOC feed** — A structured feed of indicators of compromise including IPv4, IPv6, domains, URLs, MD5/SHA1/SHA256 file hashes, CVEs, MITRE ATT&CK techniques, and email addresses. Indicators include confidence ratings and source attribution. Use the IOC lookup endpoint to enrich a single indicator with AI risk scoring and auto-generated Splunk and KQL hunting queries.

**CVE database** — Search and browse CVEs enriched with CISA Known Exploited Vulnerabilities (KEV) status and EPSS exploit probability scores, so you can prioritize patching by actual exploitation risk rather than raw CVSS score alone.

**Industry threat view** — IOCs and threat articles segmented by CISA Critical Infrastructure sectors, letting you filter intelligence to the industries most relevant to your organization.

**Community** — Access community-contributed threat intelligence and stay connected with other security practitioners using the platform.
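The CVE database entry above recommends ranking by exploitation risk rather than raw CVSS alone. This added example (not SOC Defenders code) shows one way to apply that ordering to constructed records and measure how far each CVE moves relative to a CVSS-only queue. The field names, the placeholder CVE IDs, and the 0.10 EPSS cut-off are assumptions, not the platform's response schema.

```python
from dataclasses import dataclass

# Constructed sample records. Field names are assumptions for illustration,
# not the SOC Defenders schema; the IDs are placeholders, not real CVEs.
@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    cvss: float   # CVSS base score, 0.0-10.0
    epss: float   # EPSS probability of exploitation in the next 30 days, 0.0-1.0
    kev: bool     # listed in the CISA Known Exploited Vulnerabilities catalog

SAMPLE = [
    CveRecord("CVE-EXAMPLE-0001", cvss=9.8, epss=0.004, kev=False),
    CveRecord("CVE-EXAMPLE-0002", cvss=7.5, epss=0.120, kev=True),
    CveRecord("CVE-EXAMPLE-0003", cvss=6.1, epss=0.870, kev=False),
    CveRecord("CVE-EXAMPLE-0004", cvss=8.8, epss=0.031, kev=False),
    CveRecord("CVE-EXAMPLE-0005", cvss=5.3, epss=0.002, kev=False),
]

EPSS_HIGH = 0.10  # assumed cut-off for "likely to be exploited"; tune locally
CVSS_HIGH = 7.0   # start of the CVSS "High" severity band

def tier(rec):
    """Map a record to a patching tier; lower number = patch sooner."""
    if rec.kev:
        return 1  # exploitation already observed
    if rec.epss >= EPSS_HIGH:
        return 2  # exploitation predicted
    if rec.cvss >= CVSS_HIGH:
        return 3  # severe on paper, little exploitation signal
    return 4

def by_exploitation_risk(records):
    # Within a tier, higher EPSS first, then higher CVSS as the tie-breaker.
    return sorted(records, key=lambda r: (tier(r), -r.epss, -r.cvss))

def by_cvss_only(records):
    return sorted(records, key=lambda r: -r.cvss)

def rank_shift(records):
    """Positions each CVE moves up (+) or down (-) versus CVSS-only ordering."""
    base = {r.cve_id: i for i, r in enumerate(by_cvss_only(records))}
    return {r.cve_id: base[r.cve_id] - i
            for i, r in enumerate(by_exploitation_risk(records))}

if __name__ == "__main__":
    for r in by_exploitation_risk(SAMPLE):
        print(tier(r), r.cve_id, r.cvss, r.epss, r.kev)
```

In the sample, the CVSS 9.8 record drops three places because it has neither KEV status nor a meaningful EPSS score, while the KEV-listed CVSS 7.5 record moves to the top.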

## The API

SOC Defenders exposes a REST API and a TAXII 2.1 server for programmatic access to all threat intelligence. Use the REST API to pull IOC lists, search for specific indicators, retrieve enriched news articles, and export data in multiple formats. Use the TAXII 2.1 server to poll collections automatically from any TAXII-compatible SIEM or threat intelligence platform.

All API access requires an API key passed in the `Authorization` header or `X-API-Key` header. See [Authentication](/authentication) to get started, or jump to the [API reference](/api-reference/overview) for full endpoint documentation.

## Free vs Pro

SOC Defenders offers two tiers. The Free tier is available immediately with no credit card required and covers most individual and small-team use cases. The Pro tier is designed for security teams and organizations that need higher throughput, longer data lookback, and SIEM-native export formats.

| Feature              | Free                      | Pro                              |
| -------------------- | ------------------------- | -------------------------------- |
| Rate limit           | 10 req/min, 1,000 req/day | 1,000 req/min, 1,000,000 req/day |
| Lookback period      | 1 day                     | 1 year                           |
| Results per request  | 100                       | 10,000                           |
| JSON / CSV export    | Yes                       | Yes                              |
| STIX 2.1 / TAXII 2.1 | —                         | Yes                              |
| MISP / CEF / OpenIOC | —                         | Yes                              |
| Sigma rules          | —                         | Yes                              |
| API keys             | Up to 3                   | Up to 50                         |
| Support              | Community                 | Priority email                   |
| Uptime SLA           | —                         | 99.9%                            |

Pro is $299/month, or $2,990/year ($249/month). Sign in at [socdefenders.ai](https://socdefenders.ai) to start a trial.

## Supported SIEM integrations

SOC Defenders works directly with the following platforms:

* **Splunk** — Ingest IOCs via REST API or TAXII 2.1 feed. Auto-generated Splunk hunting queries are available per indicator through the IOC lookup endpoint.
* **Microsoft Sentinel** — Connect via TAXII 2.1 or REST API. KQL hunting queries are generated per IOC in the lookup response.
* **IBM QRadar** — Ingest via TAXII 2.1 or CEF/Syslog stream (Pro).
* **Elastic Security** — Pull IOCs via REST API or TAXII 2.1 feed.
* **Google Chronicle** — Ingest STIX 2.1 bundles or connect via TAXII 2.1 (Pro).

See the [integrations guides](/integrations/siem-overview) for step-by-step setup instructions for each platform.
