Public Data Sources
- Public Threat Intelligence Sources:
  - These are freely available to anyone and usually have no cost associated with access.
  - Types include threat bulletins, feeds, and platforms.
 
- Challenges:
  - Trustworthiness: public sources often carry uncurated indicators, which produces noise and false positives.
  - Lack of context: indicators such as IPs, hashes, or domains may arrive without detail about the role they played in the malicious activity.
  - Outdated data: some sources retain old indicators, which makes validation harder and can waste analyst time on irrelevant alerts.
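As an added example (not from the original notes), a small Python triage pass over a constructed feed extract that applies the checks these three challenges call for: dropping stale and duplicate entries, discarding noise such as private-range IPs and allowlisted infrastructure, and marking indicators that arrive without context as low confidence so they alert rather than block. The four-column feed layout, the allowlist, and the 90-day age cutoff are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample feed (not from any real source); columns: date_added,indicator,type,tags
SAMPLE_FEED = """\
2024-05-01T10:00:00Z,198.51.100.23,ip,c2
2024-05-01T10:00:00Z,198.51.100.23,ip,c2
2024-05-02T08:30:00Z,10.0.0.5,ip,malware_download
2023-01-15T12:00:00Z,malicious.example,domain,phishing
2024-05-03T09:00:00Z,cdn.example,domain,phishing
2024-05-03T09:00:00Z,login-verify.example,domain,
2024-05-03T09:00:00Z,https://bad.example/payload.exe,url,malware_download
"""

NOW = datetime(2024, 5, 4, tzinfo=timezone.utc)  # fixed clock so the run is reproducible
MAX_AGE = timedelta(days=90)                     # assumed cutoff: anything older is stale
ALLOWLIST = {"cdn.example"}                      # assumed list of known-good infrastructure
# RFC 1918 and loopback space: a public feed listing these is noise, not a detection
NOISE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_noise_ip(value: str) -> bool:
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in NOISE_NETS)

def triage_feed(text: str, now: datetime = NOW) -> dict:
    # Split raw feed lines into indicators worth acting on and entries rejected with a reason
    accepted, rejected, seen = [], [], set()
    for line in text.splitlines():
        added, indicator, ioc_type, tags = line.split(",", 3)
        if indicator in seen:                              # repeated indicator: count it once
            rejected.append((indicator, "duplicate"))
            continue
        seen.add(indicator)
        age = now - datetime.fromisoformat(added.replace("Z", "+00:00"))
        if age > MAX_AGE:                                  # outdated data
            rejected.append((indicator, "stale"))
            continue
        if ioc_type == "ip" and is_noise_ip(indicator):    # uncurated indicator
            rejected.append((indicator, "internal_ip"))
            continue
        if indicator in ALLOWLIST:                         # known false positive
            rejected.append((indicator, "allowlisted"))
            continue
        # lack of context: keep it, but mark low confidence so it alerts rather than blocks
        accepted.append({"indicator": indicator, "type": ioc_type, "context": tags or "none",
                         "confidence": "high" if tags else "low", "age_days": age.days})
    return {"accepted": accepted, "rejected": rejected}
```

Python's `ipaddress.is_private` also flags documentation ranges such as 198.51.100.0/24, which is why the noise check uses an explicit list of networks instead.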
 
- Examples of Public Threat Intelligence Feeds:
  - Cybercrime Tracker: provides URLs and IPs associated with malicious activity.
  - URLhaus: shares malicious URLs used for malware distribution.
  - Ransomware Tracker: tracks ransomware-related domains, IPs, and URLs.
  - OpenPhish: offers feeds on phishing campaigns.
  - I-Blocklist: maintains lists of IP addresses grouped by category, such as web attacks and proxies.
  - Cyber Cure Platform: provides lists of infected IPs, malware URLs, and file hashes.
 
- Feed Aggregators:
  - LIMO: aggregates multiple threat intelligence feeds and supports the STIX and TAXII protocols.
  - Hail A TAXII: another aggregator that collects open-source threat intelligence feeds in STIX format.
 
Threat Intelligence Platforms
- Public Threat Intelligence Platforms:
  - These platforms organize multiple threat intelligence feeds into a single stream, making the data easier to manage and use.
  - They can also be used for enrichment, adding context to data you already hold.
 
- Examples of Public Threat Intelligence Platforms:
  - STAXX by Anomali: a platform that aggregates threat intelligence feeds.
  - MISP: an open-source threat intelligence platform.
  - CRITs: another open-source platform for threat intelligence.
  - OTX (Open Threat Exchange) by Alien Labs: a community-driven platform for sharing threat intelligence.
  - OpenCTI: an open-source platform for managing cyber threat intelligence.
  - CIF (Collective Intelligence Framework) by CSIRT Gadget: a platform for sharing and managing threat intelligence.
 
- Benefits:
  - Enrichment: these platforms can add valuable context to threat data, making it more actionable.
  - Aggregation: they combine multiple feeds into a single stream, simplifying data management.
  - Accessibility: many of these platforms are available for free, making them usable by organizations of all sizes.
 
- Challenges:
  - Trustworthiness: public threat intelligence sources may carry uncurated indicators, leading to noise and false positives.
  - Maintenance: some platforms require significant effort to maintain and keep up to date.
 