Premium Intel Sources Tech Specs

Updated 1 week ago by Elvis Hovor

Premium Intel sources require credentials and keys for setup and configuration. This usually means you have a license or subscription to the source, such as FS-ISAC or the Recorded Future IP List.

Feed-based sources are regularly updated at the frequency shown. Query-based sources are only updated when reports are submitted or changed, using the IOCs extracted from the report to query the source (third-party providers) for enrichment.

The Attributes Parser is relevant to Phishing Triage and Normalized Indicator Score.

| Intel Source | Update Type/Update Frequency | Parser? | Indicators Retrieved |
|---|---|---|---|
| A-ISAC | Feed/15 min | Pending | ALL* |
| AlienVault OTX | Query | Yes | IP; URL; MD5; SHA1 and SHA256; CVE |
| AlienVault OTX Pulse | Feed/15 min | Pending | ALL* |
| Cisco AMP ThreatGrid Analysis | Feed/15 min | Yes | IP; URL and DOMAIN; SHA1 and SHA256; MD5; REGISTRY KEY |
| Cisco AMP ThreatGrid Indicator Query | Query | Yes | IP; URL and DOMAIN; SHA1 and SHA256; MD5; REGISTRY KEY |
| Covid-19 Indicators | Feed/15 min | Yes | IP; URL and DOMAIN; SHA1 and SHA256; MD5; EMAIL ADDRESS |
| Crowdstrike Falcon Detect | Feed/15 min | Yes | IP; URL and DOMAIN |
| Crowdstrike Falcon Intelligence | Query | Yes | ALL* |
| Crowdstrike Falcon Reports | Feed/15 min | Yes | ALL* |
| CyberSource | Query | Pending | IP; URL and DOMAIN; EMAIL ADDRESS |
| Digital Shadows | Feed/15 min | Yes | IP; URL; MD5; SHA1 |
| Dragos WorldView | Feed/6 hours | Yes | IP; MD5; SHA1 and SHA256; Software; URL |
| F-ISAC | Feed/15 min | Pending | ALL* |
| FS-ISAC | Feed/2 hours | Pending | IP; URL and DOMAIN; MD5; SHA1 and SHA256; CVE; BITCOIN ADDRESSES; SOFTWARE; EMAIL ADDRESS; CIDR BLOCK; REGISTRY KEY; MALWARE |
| Facebook Threat Exchange | Query | Yes | IP; URL; MD5; SHA1 and SHA256; EMAIL ADDRESS |
| Farsight DNSDB | Query | Pending | IP; URL and DOMAIN |
| Flashpoint | Feed/15 min | Pending | ALL* |
| H-ISAC | Feed/15 min | Yes | ALL* |
| HybridAnalysis | Query | Yes | URL; MD5; SHA1 and SHA256; MALWARE |
| IBM X-Force | Query | Yes | IP; URL; MD5; SHA1 and SHA256 |
| IBM Premier Threat Intelligence | Feed/15 min | Yes | IP; URL; MD5; SHA1 and SHA256 |
| Intel 471 Adversary Intelligence | Feed/15 min | Pending | ALL* |
| Intel 471 Alerts Watchlist | Feed/15 min | Pending | ALL* |
| Intel 471 Malware Intelligence | Feed/15 min | Yes | ALL* |
| Mandiant Threat Intelligence | Feed/15 min | Yes | ALL* |
| Joe Sandbox | Feed/15 min | Yes | ALL* |
| MISP | Feed/15 min | Pending | ALL* |
| NCFTA CyFin | Feed/15 min | Pending | ALL* |
| NCFTA TNT | Feed/15 min | Yes | ALL* |
| Recorded Future | Query | Pending | IP; URL; CVE; MD5; SHA and SHA256; MALWARE |
| Recorded Future Hash Intelligence | Feed/4 hours | Yes | MD5; SHA1 and SHA256 |
| Recorded Future IP Intelligence | Feed/2 hours | Yes | ALL* |
| Recorded Future URL Intelligence | Feed/24 hours | Yes | URL and DOMAIN |
| Recorded Future Vulnerability Intelligence | Feed/24 hours | Pending | CVE |
| RiskIQ Blacklist Intelligence | Query | Yes | IP; URL and DOMAIN |
| RiskIQ PassiveTotal | Query | Pending | IP; DOMAIN; EMAIL ADDRESS |
| Shape Blackfish | Query | Pending | EMAIL ADDRESS |
| SpyCloud | Query | Pending | IP; URL and DOMAIN; EMAIL ADDRESS |
| URLHaus | Feed | Yes | URL |
| VirusTotal | Query | Yes | IP; URL; MD5; SHA1 and SHA256 |

*In the Indicators Retrieved column, the value ALL includes these IOCs:

  • IPV4
  • IPV6
  • CIDR BLOCK
  • URL (domains are currently categorized as URLs)
  • MD5
  • SHA1
  • SHA256
  • CVE (based on NIST's CVE standard)
  • BITCOIN ADDRESSES
  • SOFTWARE (file names are currently treated as Software)
  • EMAIL ADDRESS
  • REGISTRY KEY
  • MALWARE
  • THREAT ACTOR
  • PHONE NUMBERS

