Currently, F5 Distributed Cloud WAF does not support native integration with external Threat Intelligence Platforms such as ThreatQ. Organizations are required to build custom scripts, intermediate feed servers, or API-based automation to ingest and enforce threat intelligence (IPs, domains, URLs, ASN). This introduces operational overhead, delays in threat response, and increases architectural complexity.

We request a native threat intelligence integration capability that supports standard formats such as STIX/TAXII, REST API ingestion, and external feed URLs. The solution should allow mapping of threat indicators (IP, CIDR, domain, URL, ASN) to WAF enforcement actions such as block, monitor, or challenge, with support for confidence scoring, severity-based policies, and automatic IOC expiration.

This feature will benefit SOC teams, security engineers, and enterprises relying on Threat Intelligence Platforms by enabling real-time threat mitigation, reducing manual effort, and improving security posture. It will also enhance F5 Distributed Cloud WAF’s competitiveness against other cloud WAF providers that offer native threat intelligence integrations.”