Open/Closed Source Feeds FAQ

Updated 4 weeks ago by Elvis Hovor

Open source intelligence (OSINT) data feeds are polled at regular intervals. We have optimized the polling rates to reflect the data refresh rate for each OSINT source. 

Closed-source intelligence feeds require credentials and keys for setup and configuration.

Several closed-source intelligence feeds return results only if you submit data into your private enclave. They are identified in the table below.

| Type | Polling Frequency | Intel Source | Report Submission Required | Indicators Retrieved | Source URLs |
|---|---|---|---|---|---|
| OSINT | 15 mins | EU-CERT | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE | https://www.circl.lu/doc/misp/feed-osint/ |
| OSINT | 60 mins | Hail_a_Taxii | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE | http://hailataxii.com/taxii-discovery-service/ |
| OSINT | 3 hours | Hybrid Analysis_Public Feed | No | URL, MD5, SHA1, SHA256, MALWARE | https://www.hybrid-analysis.com/feed?json |
| OSINT | 15 mins | Bambenek | No | IP, MALWARE | http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt |
| OSINT | 15 mins | Abuse.ch Ransomware | No | IP, URL, MALWARE | https://ransomwaretracker.abuse.ch/feeds/csv/ |
| OSINT | 15 mins | Abuse.ch ssl Blacklist | No | IP, URL, MALWARE | https://sslbl.abuse.ch/blacklist/sslipblacklist.csv |
| OSINT | 15 mins | Abuse.ch IP Blacklist | No | IP, URL, MALWARE | https://sslbl.abuse.ch/blacklist/sslipblacklist.csv |
| OSINT | 15 mins | AIS - DHS | No | STIX/TAXII - IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE | https://taxii.dhs.gov:8443/flare/taxii11/poll |
| Closed Sources | 15 mins | IBM XForce | Yes | IP, URL, MD5, SHA1, SHA256 | https://api.xforce.ibmcloud.com, https://exchange.xforce.ibmcloud.com/search |
| Closed Sources | 15 mins | Digital Shadows | No | IP, URL, MD5, SHA1 | https://portal-digitalshadows.com/api (/incidents/find, /intel-incidents/find, /intel-threats/find) |
| Closed Sources | 15 mins | VirusTotal | Yes | IP, URL, MD5, SHA1, SHA256 | https://www.virustotal.com/vtapi/v2 |
| Closed Sources | 15 mins | Crowdstrike Falcon Intelligence | Yes | ALL | https://intelapi.crowdstrike.com/indicator/v2/search/indicator |
| Closed Sources | 15 mins | Crowdstrike Falcon Stream | Yes | ALL | https://firehose.crowdstrike.com |
| Closed Sources | 15 mins | Crowdstrike Falcon Reports | Yes | ALL | https://intelapi.crowdstrike.com |
| Closed Sources | 15 mins | Alien Vault OTX | Yes | IP, URL, MD5, SHA1, SHA256, CVE | https://otx.alienvault.com/api/v1/indicators |
| Closed Sources | 15 mins | FBTX | Yes | IP, URL, MD5, SHA1, SHA256, EMAIL ADDRESS | https://graph.facebook.com/v2.8/threat_descriptors |
| Closed Sources | 15 mins | HybridAnalysis | Yes | URL, MD5, SHA1, SHA256, MALWARE | https://www.hybrid-analysis.com/api/search |
| Closed Sources | 15 mins | RiskIQ PassiveTotal | Yes | IP, DOMAIN, URL, DOMAIN, EMAIL ADDRESS | https://api.passivetotal.org/v2 |
| Closed Sources | 15 mins | Recorded Future | Yes | IP, URL, CVE, MD5, SHA1, SHA256, MALWARE | https://api.recordedfuture.com |
| Closed Sources | 15 mins | Cisco AMP ThreatGrid Indicator Query | Yes | IP, URL, DOMAIN (extracted from URL), SHA1, SHA256, MD5, REGISTRY KEY | https://panacea.threatgrid.com/api/v2/search (/ips, /domains, /urls, /artifacts, /registry_key) |
| Closed Sources | 15 mins | Cisco AMP ThreatGrid Analysis Feeds | Yes | IP, URL, DOMAIN (extracted from URL), SHA1, SHA256, MD5, REGISTRY KEY | https://panacea.threatgrid.com/api/v2/search/submissions |
| Closed Sources | 15 mins | iSight Partners | Yes | ALL (if present in reports provided by iSight) | https://api.isightpartners.com |
| Closed Sources | Every 2 hours | FS-ISAC | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE | https://analysis.fsisac.com/taxii-discovery-service |
| Closed Sources | Every day at 2 pm UTC | CyberSource | Yes | IP, URL, DOMAIN, EMAIL ADDRESS (connect with TruSTAR support for access) | https://ebc.cybersource.com/ebc/DownloadReport |
| OSINT (RSS Feeds) | 15 mins | US-CERT | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE | http://www.us-cert.gov/ncas/all.xml |
| OSINT (RSS Feeds) | 15 mins | ISC | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE | https://isc.sans.edu/rssfeed_full.xml |
| OSINT (RSS Feeds) | 15 mins | Packetstorm | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE | https://rss.packetstormsecurity.com |
| OSINT (RSS Feeds) | 15 mins | Infosec Island | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE | http://www.infosecisland.com/rss.html |
| OSINT (RSS Feeds) | 15 mins | Palo Alto Unit 42 | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE | http://feeds.feedburner.com/PaloAltoNetworks |
| OSINT (RSS Feeds) | 15 mins | Malware Bytes | No | SOFTWARE, MALWARE | https://blog.malwarebytes.com/feed/ |
| OSINT (RSS Feeds) | 15 mins | Broad Analysis | No | IP, DOMAIN | http://www.broadanalysis.com/feed/ |

