The document proposes an architecture called IntelFlow that aims to integrate cyber threat intelligence into software defined networks. IntelFlow would introduce a knowledge plane that receives threat intelligence from various sources and allows the Bro IDS to query this intelligence. The knowledge plane would then export OpenFlow rules to implement countermeasures. The document outlines IntelFlow's components, how it would map intelligence indicators to OpenFlow flows, and presents initial results from a proof-of-concept showing IntelFlow can detect attacks faster than reactive approaches and successfully mitigated a DDoS attack in testing. Future work will further evaluate IntelFlow's effectiveness against other attacks.