D8 · CySA+

What is IoC sharing?

IoC sharing distributes threat indicators to defensive tools for blocking and detection. STIX (format) + TAXII (transport protocol) enable machine-readable automated sharing.
MISP (Malware Information Sharing Platform) is the leading open-source IoC sharing platform. ISACs use TAXII servers. Automate ingestion: new IoCs → SIEM detection rules + firewall/proxy blocks + EDR detections. Manual IoC management doesn't scale.