Public Data Sources

  1. Public Threat Intelligence Sources:

    • These are freely available to anyone and usually have no cost associated with access.

    • Types include threat bulletins, feeds, and platforms.

  2. Challenges:

    • Trustworthiness: Public sources often have uncurated indicators, leading to noise and false positives.

    • Lack of Context: Indicators like IPs, hashes, or domains may lack detailed context about their roles in malicious activities.

    • Outdated Data: Some sources keep old data, making validation harder and potentially wasting time on irrelevant alerts.

  3. Examples of Public Threat Intelligence Feeds:

    • Cybercrime Tracker: Provides URLs and IPs associated with malicious activities.

    • URLhaus: Shares malicious URLs used for malware distribution.

    • Ransomware Tracker: Tracks ransomware-related domains, IPs, and URLs.

    • OpenPhish: Offers feeds on phishing campaigns.

    • I-Blocklist: Maintains lists of IP addresses related to various categories like web attacks and proxies.

    • Cyber Cure Platform: Provides lists of infected IPs, malware URLs, and file hashes.

  4. Feed Aggregators:

    • LIMO: Aggregates multiple threat intelligence feeds and supports the STIX format and the TAXII transport protocol.

    • Hail A TAXII: Another feed aggregator that collects open-source threat intelligence feeds in STIX format.
Threat Intelligence Platforms

  1. Public Threat Intelligence Platforms:

    • These platforms organize multiple threat intelligence feeds into a single stream, making it easier to manage and utilize the data.

    • They can be used for enrichment, adding more context to existing data.

  2. Examples of Public Threat Intelligence Platforms:

    • STAXX by Anomali: A platform that aggregates threat intelligence feeds.

    • MISP: An open-source threat intelligence platform.

    • CRITs: Another open-source platform for threat intelligence.

    • OTX (Open Threat Exchange) by Alien Labs: A community-driven platform for sharing threat intelligence.

    • OpenCTI: An open-source platform for managing cyber threat intelligence.

    • CIF (Collective Intelligence Framework) by CSIRT Gadget: A platform for sharing and managing threat intelligence.

  3. Benefits:

    • Enrichment: These platforms can add valuable context to threat data, making it more actionable.

    • Aggregation: They combine multiple feeds into a single stream, simplifying data management.

    • Accessibility: Many of these platforms are available for free, making them accessible to organizations of all sizes.

  4. Challenges:

    • Trustworthiness: Public threat intelligence sources may have uncurated indicators, leading to noise and false positives.

    • Maintenance: Some platforms may require significant effort to maintain and keep up-to-date.
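    The challenges listed above (uncurated indicators, missing context, stale data) are what a feed aggregator has to deal with in practice. The following added example, which is not part of these notes and not the code of any platform named here, merges two constructed feeds, records which sources reported each indicator, drops indicators not seen within a freshness window, and ranks those corroborated by more than one feed. Feed names, rows and the reference date are constructed placeholders.

```python
"""Merge constructed public-feed rows, drop stale indicators, rank by corroboration."""
from datetime import date, timedelta

# Constructed sample feeds (placeholder names, documentation-range IPs and
# example.* domains, not real indicators). Row format: indicator,type,date_added
FEEDS = {
    "feed_a": """198.51.100.23,ip,2024-05-01
203.0.113.9,ip,2022-01-15
bad.example.net,domain,2024-05-03""",
    "feed_b": """198.51.100.23,ip,2024-04-28
bad.example.net,domain,2024-05-02
old.example.org,domain,2021-09-09""",
}
TODAY = date(2024, 5, 10)  # constructed reference date for the freshness check


def parse_feed(name, text):
    """Yield (indicator, type, date_added, source); skip malformed rows as noise."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            added = date.fromisoformat(parts[2])
        except ValueError:
            continue  # unparseable date: cannot judge freshness, so do not ingest
        yield parts[0], parts[1], added, name


def aggregate(feeds, today, max_age_days=90):
    """Merge feeds into {indicator: record}; each record keeps the set of
    reporting sources (context) and the newest sighting. Indicators whose
    newest sighting is older than max_age_days are dropped as outdated."""
    merged = {}
    for name, text in feeds.items():
        for ioc, ioc_type, added, source in parse_feed(name, text):
            rec = merged.setdefault(ioc, {"type": ioc_type, "sources": set(), "last_seen": added})
            rec["sources"].add(source)
            rec["last_seen"] = max(rec["last_seen"], added)
    cutoff = today - timedelta(days=max_age_days)
    return {k: v for k, v in merged.items() if v["last_seen"] >= cutoff}


def corroborated(merged, min_sources=2):
    """Indicators reported by at least min_sources feeds: lower false-positive risk."""
    return sorted(k for k, v in merged.items() if len(v["sources"]) >= min_sources)


if __name__ == "__main__":
    merged = aggregate(FEEDS, TODAY)
    for ioc, rec in sorted(merged.items()):
        print(ioc, rec["type"], sorted(rec["sources"]), rec["last_seen"])
    print("corroborated:", corroborated(merged))
```

Single-source and stale indicators are kept out of the alerting set rather than discarded silently in a real pipeline; here the window and the source threshold are the two knobs that trade coverage against noise.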