Open/Closed Source Feeds FAQ

Updated 1 week ago by Elvis Hovor

Open source intelligence (OSINT) data feeds are polled at regular intervals. We have optimized the polling rates to reflect the data refresh rate for each OSINT source. 

Closed source intelligence feeds require credentials and keys for setup and configuration.

Several closed source intelligence feeds return results only if you submit data to your private enclave. They are identified in the table below.

| Type | Polling Frequency | Intel Source | Report Submission Required | Indicators Retrieved |
| --- | --- | --- | --- | --- |
| OSINT | 15 mins | EU-CERT | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE |
| OSINT | 60 mins | Hail_a_Taxii | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE |
| OSINT | 3 hours | Hybrid Analysis_Public Feed | No | URL, MD5, SHA1, SHA256, MALWARE |
| OSINT | 15 mins | Bambenek | No | IP, MALWARE |
| OSINT | 15 mins | Abuse.ch Ransomware | No | IP, URL, MALWARE |
| OSINT | 15 mins | Abuse.ch ssl Blacklist | No | IP, URL, MALWARE |
| OSINT | 15 mins | Abuse.ch IP Blacklist | No | IP, URL, MALWARE |
| OSINT | 15 mins | AIS - DHS | No | STIX/TAXII - IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE |
| Closed Sources | 15 mins | IBM XForce | Yes | IP, URL, MD5, SHA1, SHA256 |
| Closed Sources | 15 mins | Digital Shadows | No | IP, URL, MD5, SHA1 |
| Closed Sources | 15 mins | VirusTotal | Yes | IP, URL, MD5, SHA1, SHA256 |
| Closed Sources | 15 mins | Crowdstrike Falcon Intelligence | Yes | ALL |
| Closed Sources | 15 mins | Crowdstrike Falcon Stream | Yes | ALL |
| Closed Sources | 15 mins | Crowdstrike Falcon Reports | Yes | ALL |
| Closed Sources | 15 mins | Alien Vault OTX | Yes | IP, URL, MD5, SHA1, SHA256, CVE |
| Closed Sources | 15 mins | FBTX | Yes | IP, URL, MD5, SHA1, SHA256, EMAIL ADDRESS |
| Closed Sources | 15 mins | HybridAnalysis | Yes | URL, MD5, SHA1, SHA256, MALWARE |
| Closed Sources | 15 mins | RiskIQ PassiveTotal | Yes | IP, DOMAIN, URL, EMAIL ADDRESS |
| Closed Sources | 15 mins | Recorded Future | Yes | IP, URL, CVE, MD5, SHA1, SHA256, MALWARE |
| Closed Sources | 15 mins | Cisco AMP ThreatGrid Indicator Query | Yes | IP, URL, DOMAIN (extracted from URL), SHA1, SHA256, MD5, REGISTRY KEY |
| Closed Sources | 15 mins | Cisco AMP ThreatGrid Analysis Feeds | Yes | IP, URL, DOMAIN (extracted from URL), SHA1, SHA256, MD5, REGISTRY KEY |
| Closed Sources | 15 mins | iSight Partners | Yes | ALL (if present in reports provided by iSight) |
| Closed Sources | Every 2 hours | FS-ISAC | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE |
| Closed Sources | Every day at 2 pm UTC | CyberSource | Yes | IP, URL, DOMAIN, EMAIL ADDRESS (connect with TruSTAR support for access) |
| OSINT (RSS Feeds) | 15 mins | US-CERT | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE |
| OSINT (RSS Feeds) | 15 mins | ISC | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE |
| OSINT (RSS Feeds) | 15 mins | Packetstorm | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE |
| OSINT (RSS Feeds) | 15 mins | Infosec Island | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE |
| OSINT (RSS Feeds) | 15 mins | Palo Alto Unit 42 | No | IP, URL, MD5, SHA1, SHA256, CVE, DOMAIN, BITCOIN ADDRESSES, SOFTWARE, EMAIL ADDRESS, CIDR BLOCK, REGISTRY KEY and MALWARE |
| OSINT (RSS Feeds) | 15 mins | Malware Bytes | No | SOFTWARE, MALWARE |
| OSINT (RSS Feeds) | 15 mins | Broad Analysis | No | IP, DOMAIN |

