Intelligence sources and Enrichers
Sources include proprietary and open-source providers of threat intelligence on zero-day vulnerabilities, malware signatures, fraud techniques, dark web activity, known threat actors and much more.
EclecticIQ Platform allows you to connect with leading incident response teams and high-tech crime investigators, allowing your threat analysts to work in close cooperation with cyber security specialists.
AlienVault Open Threat Exchange
The AlienVault Open Threat Exchange (OTX) is a system for sharing threat intelligence among OSSIM users and AlienVault customers.
AnubisNetworks Cyberfeed allows customers to obtain threat intelligence on real-time security events, with monitoring of countries, organizations and their subsidiaries.
BFK has been in the field of malware analysis and incident response since 1990. It offers threat intel feeds, passive DNS, and enrichment APIs that draw on an up-to-date collection of static and dynamic sample analyses. The company's prime focus is crimeware and APT attacks.
Understanding how your adversary operates is essential to effective cyber security. CAPEC™ is a comprehensive dictionary and classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses. Our platform allows ingestion of the full CAPEC library and uses it to give meaning to CAPEC numbers that appear in your intelligence.
CIRCL Passive SSL
CIRCL Passive SSL is a database storing historical X.509 certificates seen per IP address. The Passive SSL historical data is indexed per IP address, which makes it searchable for incident handlers, security analysts or researchers. The Passive SSL enricher retrieves the domains and IPs associated with an SSL certificate hash.
Censys is an Internet-wide scanning system and database that aims at listing all devices and networks that compose the Internet. Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.
Cisco OpenDNS / OpenResolve
Take faster action on newly discovered malicious domains by leveraging a turn-key integration between Cisco and OpenDNS. Through security automation, dwell time is reduced from hours or days to only minutes. And by gaining Internet-wide visibility in real-time, you will discover more compromised systems.
Cisco Threat Grid
Cisco Threat Grid analyzes suspicious behavior in your network against more than 450 behavioral indicators and a malware knowledge base sourced from around the world.
Cisco Threat Grid - Curated STIX Feeds
Threat Grid content feeds are pre-generated, curated sets of behavioural indicators that are produced in the Threat Grid Cloud infrastructure from sample analysis results. Feeds are used by organizations and partners for targeted threat intelligence, by focusing on the specific types of threats faced by particular industries.
Common Vulnerabilities and Exposures (CVE)
Enrich intelligence with exploit target information, from the standard source of vulnerabilities and exposures: the MITRE corporation.
The enricher and feed use the Computer Incident Response Center Luxembourg (CIRCL) cve-search API to retrieve all the available details.
Crowdstrike Falcon Intelligence
CrowdStrike is a global leader in cloud-delivered next-generation endpoint protection. CrowdStrike is the first company to unify next-generation antivirus that includes machine learning and behavioral analytics, endpoint detection and response (EDR), and a 24/7 managed hunting service, all in one lightweight agent. Falcon Intelligence™ is a cost-effective program tailored to each company's needs and requirements and addresses the legal and technical aspects of preventing harm that results from a cyberattack.
The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed.
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network and connect them with nearly every active domain on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.
Exodus Intelligence provides clients with actionable information, capabilities, and context for proven exploitable vulnerabilities. Their world-class team of vulnerability researchers discovers hundreds of exclusive zero-day vulnerabilities, providing their clients with this knowledge before the adversaries find them. Their research also extends into N-day research.
Farsight Security DNSDB
Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.
FireEye iSIGHT Intelligence
FireEye iSIGHT Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. Our high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack. It helps mitigate risk, bolster incident response, and enhance your overall security ecosystem.
Flashpoint is the market leader in threat intelligence from the Deep and Dark Web. Flashpoint’s products illuminate threatening actors, relationships, behaviors, and networks.
InTELL tracks global criminal activity with intelligence based on actor attribution and context. Going beyond botnet & malware information, InTELL provides a global picture of trends, geographical activity, actors, their motivations and their evolving business models. Real-time contextual cyber intelligence includes global visibility on actor trends, threats and technology; tracking of risks and threats to online brands; and contextual threat feeds.
Group-IB is a global provider of security services and threat intelligence solutions with profound expertise providing the global security community insights into Russian-speaking cyber criminal groups and their tactics.
IBM X-Force Exchange
IBM X-Force Exchange is a collaborative threat intelligence sharing platform that helps security analysts consume, share, and act on threat insights – backed by the reputation and scale of the IBM X-Force research team.
Intel 471 provides an actor-centric intelligence collection capability. Our intelligence collection focuses on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber attacks.
NCSC UK CiSP
The Cybersecurity Information Sharing Partnership (CiSP) is a joint industry and government initiative set up by the National Cyber Security Centre (NCSC) UK to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.
PhishMe Intelligence is human-verified, phishing-specific threat intelligence. PhishMe publishes enriched IOCs throughout the day as new threats are confirmed and weekly strategic reports about tactics used to penetrate your network.
RIPEstat GeoIP / RIPEstat Whois
RIPEstat provides everything you ever wanted to know about IP address space, Autonomous System Numbers (ASNs), and related information for hostnames and countries in one place.
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
RiskIQ's PassiveTotal overcomes the challenges in discovering and proactively blocking malicious infrastructure. Using innovative techniques and research processes, PassiveTotal provides analysts with a single view into all the data they need.
Any data provided in STIX (1.0, 1.1.1, 1.2) format, including FS-ISAC and MISP feeds.
Shodan is the world's first search engine for Internet-connected devices. The Shodan enricher takes a wealth of input observable types to help you discover which of your devices are connected to the Internet, where they are located, and who is using them.
ThreatCrowd is an Open Source system for finding and researching artefacts relating to cyber threats, utilizing information obtained by crawling various Open Source resources, including VirusTotal and Malwr.
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
Wapack Labs Threat Recon
Wapack Labs identifies cyber threats before they become attacks, providing threat detection through internet surveillance operations, data gathering, and in-depth analysis of economic, financial, and geopolitical issues.