Premium Intel Sources Tech Specs

Updated 3 weeks ago by Elvis Hovor

Premium Intel sources require credentials and keys for setup and configuration. This usually means you have a license or subscription to the source, such as FS-ISAC or the Recorded Future IP List.

Feed-based sources are regularly updated at the frequency shown. Query-based sources are only updated when reports are submitted or changed, using the IOCs extracted from the report to query the source (third-party providers) for enrichment.

| Intel Source | Update Type/Update Frequency | Summary Table? | Attributes Parser? | Indicators Retrieved |
|---|---|---|---|---|
| A-ISAC | Feed/15 min | No | Pending | ALL* |
| AlienVault OTX | Query | Yes | Yes | IP; URL; MD5; SHA1 and SHA256; CVE |
| AlienVault OTX Pulse | Feed/15 min | No | Pending | ALL* |
| Cisco AMP ThreatGrid Analysis | Feed/15 min | Yes | Yes | IP; URL and DOMAIN; SHA1 and SHA256; MD5; REGISTRY KEY |
| Cisco AMP ThreatGrid Indicator Query | Query | Yes | Yes | IP; URL and DOMAIN; SHA1 and SHA256; MD5; REGISTRY KEY |
| CrowdStrike Falcon Detect | Feed/15 min | No | Pending | IP; URL and DOMAIN |
| CrowdStrike Falcon Intelligence | Query | Yes | Yes | ALL* |
| CrowdStrike Falcon Reports | Feed/15 min | Yes | Yes | ALL* |
| CyberSource | Query | No | Pending | IP; URL and DOMAIN; EMAIL ADDRESS |
| Digital Shadows | Feed/15 min | Yes | Yes | IP; URL; MD5; SHA1 |
| F-ISAC | Feed/15 min | No | Pending | ALL* |
| FS-ISAC | Feed/2 hours | No | Pending | IP; URL and DOMAIN; MD5; SHA1 and SHA256; CVE; BITCOIN ADDRESSES; SOFTWARE; EMAIL ADDRESS; CIDR BLOCK; REGISTRY KEY; MALWARE |
| Facebook Threat Exchange | Query | Yes | Yes | IP; URL; MD5; SHA1 and SHA256; EMAIL ADDRESS |
| Farsight DNSDB | Query | No | Pending | IP; URL and DOMAIN |
| Flashpoint | Feed/15 min | No | Pending | ALL* |
| HybridAnalysis | Query | Yes | Yes | URL; MD5; SHA1 and SHA256; MALWARE |
| IBM X-Force | Query | Yes | Yes | IP; URL; MD5; SHA1 and SHA256 |
| IBM X-Force IRIS | Feed/15 min | Yes | Yes | IP; URL; MD5; SHA1 and SHA256 |
| Intel 471 Adversary Intelligence | Feed/15 min | No | Pending | ALL* |
| Intel 471 Alerts Watchlist | Feed/15 min | No | Pending | ALL* |
| Intel 471 Malware Intelligence | Feed/15 min | Yes | Yes | ALL* |
| Mandiant | Feed/15 min | Yes | Yes | ALL* |
| Joe Sandbox | Feed/15 min | Yes | Yes | ALL* |
| MISP | Feed/15 min | No | Pending | ALL* |
| NCFTA CyFin | Feed/15 min | No | Pending | ALL* |
| NCFTA TNT | Feed/15 min | No | Pending | ALL* |
| Recorded Future | Query | Yes | Pending | IP; URL; CVE; MD5; SHA and SHA256; MALWARE |
| Recorded Future Hash Intelligence | Feed/4 hours | Yes | Yes | MD5; SHA1 and SHA256 |
| Recorded Future IP Intelligence | Feed/2 hours | Yes | Yes | ALL* |
| Recorded Future URL Intelligence | Feed/24 hours | Yes | Yes | URL and DOMAIN |
| Recorded Future Vulnerability Intelligence | Feed/24 hours | Yes | Pending | CVE |
| RiskIQ Blacklist | Query | Yes | Yes | IP; URL and DOMAIN |
| RiskIQ PassiveTotal | Query | Yes | Pending | IP; DOMAIN; EMAIL ADDRESS |
| Shape Blackfish | Query | No | Pending | EMAIL ADDRESS |
| Spy Cloud | Query | No | Pending | IP; URL and DOMAIN; EMAIL ADDRESS |
| VirusTotal | Query | Yes | Yes | IP; URL; MD5; SHA1 and SHA256 |

*In the Indicators Retrieved Column, the value for ALL includes these IOCs:

  • IPV4
  • IPV6
  • CIDR BLOCK
  • URL (Domains are currently categorized as URLs)
  • MD5
  • SHA1
  • SHA256
  • CVE (based on NIST's CVE standard)
  • BITCOIN ADDRESSES
  • SOFTWARE (file names are currently treated as Software)
  • EMAIL ADDRESS
  • REGISTRY KEY
  • MALWARE
  • THREAT ACTOR
  • PHONE NUMBERS

