Designed to enhance collaboration between European Security Operation Centres (SOCs), research institutions, and cybersecurity experts, the TIS Platform shifts the focus from simple indicator lists to deep, context-rich threat intelligence. Its mission is to improve collective resilience across Europe by enabling a more informed, coordinated, and proactive approach to cyber defence.
What Makes the TIS Platform Unique?
Holistic Attack Chains Instead of Isolated Indicators
Quality and Context Over Sheer Data Volume
Open, Interoperable, and Free of Charge
Secure, Sovereign, and GDPR-Compliant
A Practical Toolbox for Your Security
Holistic Attack Chains Instead of Isolated Indicators
While traditional platforms often only share lists of Indicators of Compromise (IOCs) like IP addresses or file hashes, the SOCCER TIS platform goes a step further. We capture the entire sequence of an attack - the so-called "Cyber Kill Chain." In doing so, we focus on the Tactics, Techniques, and Procedures (TTPs) of the attackers. This behaviour-based model provides a deeper understanding of how and why an attack was successful and delivers insights that are more durable and valuable for proactive defence.
Quality and Context Over Sheer Data Volume
The TIS platform is not another flood of unstructured data. Our motto is quality over quantity. Every piece of shared information is part of a carefully curated and verified scenario. These "Kill Chain Archives" contain not only indicators but also associated artifacts such as anonymised log files, network captures (PCAPs), malware samples, and detection rules (e.g., YARA/Snort). This allows analysts to fully reconstruct attacks and simulate them in their own labs.
Open, Interoperable, and Free of Charge
We believe in the power of collaboration. That's why the TIS platform is completely open-source and uses established industry standards like STIX 2.1 and MITRE ATT&CK® to ensure seamless integration into existing SOC tools (e.g., MISP, SIEM systems). Use of the platform and access to the data are free for qualified organizations.
Secure, Sovereign, and GDPR-Compliant
Data security and digital sovereignty are central to us. The platform is hosted in a European data centre. A unique feature is our dual-track model: while metadata is publicly accessible for transparent collaboration, sensitive artifacts are stored separately and provided only through a secure mechanism. An independent Data Access Committee (DAC) ensures that all data is quality-checked and anonymized.
A Practical Toolbox for Your Security
The TIS platform is more than just a database - it's a ready-to-use toolbox. Included open-source scripts and tools help convert your own findings into standardised formats and directly use the shared scenarios to improve your own detection and response capabilities.
Who is the TIS Platform for?
Security Operation Centres (SOCs) and CERTs looking to enhance their detection capabilities with high-quality, context-rich threat data.
Cybersecurity researchers and academic institutions who rely on verified and reproducible datasets for their work.
Providers of cybersecurity solutions who want to test and validate their products with realistic threat scenarios.
Organisations with training and education programs in the field of cybersecurity.
Become Part of a Stronger European Cyber Ecosystem
The SOCCER TIS platform is an active contribution to strengthening digital sovereignty and cyber resilience in Europe. By providing a trustworthy, open, and collaborative environment, we promote knowledge exchange and help to respond to tomorrow's threats faster and more effectively together.
