> For the complete documentation index, see [llms.txt](https://help.radiantsecurity.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.radiantsecurity.ai/radiant-connectors/threat-intelligence-hub/connect-your-own-threat-intelligence.md).

# Connect your own threat intelligence

### How cTIS works

When you connect a cTIS provider, Radiant queries that feed during Enrichment for every applicable artifact, in parallel with rTIS. There is no per-alert-type configuration, and prior triages do not need to be re-run.

cTIS results surface as cards in the **Reputation and threat intel** section of the artifact panel. A cTIS card shows your tenant name on the sub-label line, which distinguishes it from rTIS cards (sub-label: **Radiant Security**). See [Built-in threat intelligence feeds](/radiant-connectors/threat-intelligence-hub/built-in-threat-intelligence-feeds.md) for the full card-reading guide.

### Supported providers

Radiant currently supports cTIS for the following provider. See the connector guide for step-by-step setup instructions.

<table data-view="cards"><thead><tr><th>Provider</th><th>What it covers</th><th data-card-target data-type="content-ref">Connector guide</th><th data-hidden data-card-cover data-type="image">Cover image</th></tr></thead><tbody><tr><td>VirusTotal</td><td>File, URL, domain, and IP reputation across 70+ antivirus engines.</td><td><a href="/pages/0bgWzHYz9K7IJH9Gw2m7">/pages/0bgWzHYz9K7IJH9Gw2m7</a></td><td><a href="/files/CzzIG5I9c5ESwu1lh1rB">/files/CzzIG5I9c5ESwu1lh1rB</a></td></tr></tbody></table>

### Verify threat intel is active

After connecting a provider, the feed is queried on the next triage that contains an applicable artifact.

To confirm cTIS is contributing to enrichment:

1. Open any alert triaged after you saved the credential.
2. Select an applicable artifact (e.g., an IP address for AbuseIPDB or a file hash for VirusTotal).
3. In the artifact panel, scroll to the **Reputation and threat intel** section.

<figure><img src="/files/ldF9w9WPRqrJGKyB97zN" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/threat-intelligence-hub/connect-your-own-threat-intelligence.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.