Critical Path Security - Zeek Intelligence Feeds
Critical Path Security is now providing free and subscription-based Zeek-formatted threat intelligence feeds to bring immediate value to your Zeek deployments. Designed for simplicity, a GitHub repo can be cloned and updated on whatever schedule suits your needs. With a few simple steps, you can have the critical network intelligence you need to protect your environment.
If you are looking for something more fine-tuned, you can pull the individual feeds into your environment as you wish.
Our free threat feeds include:
Abuse.CH - The contents of this feed are observed botnets and command-and-control (C&C) infrastructure. The blocklist is an amalgamation of several smaller blocklists, with particular attention paid to Heodo and Dridex malware bots.
Alienvault - AlienVault Open Threat Exchange (OTX) is AlienVault's free, community-based project to monitor and rank IPs by reputation. This feed focuses on observed IP addresses with known malicious characteristics.
Binary Defense Systems - The Artillery Threat Intelligence Feed and IP Banlist Feed is a list of known-bad IP addresses observed by the Binary Defense Systems Artillery platform.
COVID-19 Cyber Threat Coalition - With Critical Path Security's involvement in the COVID-19-CTI-LEAGUE, we are particularly proud to provide this feed of COVID-19 related threats.
Emerging Threats Compromised IPs - The contents of this feed are hosts that are known to be compromised by bots, phishing sites, etc., or known to be emitting hostile traffic. These are not everyday infected hosts sending a bit of spam; they are significantly infected and hostile hosts.
OpenPhish - OpenPhish receives URLs from multiple streams and analyzes them using its proprietary phishing detection algorithms.
Georgia Tech PREDICT - This dataset contains a daily feed of passive DNS data produced by the Georgia Tech Information Security Center's malware analysis system.
Critical Path Security - Illuminate - The contents of this feed are observed botnets and command-and-control (C&C) infrastructure from our Threat Intelligence Network. This is a vetted, hourly updated feed containing full protocol telemetry.
Rutgers - This IP list of SSH brute-force attackers is created by merging locally observed IPs with IPs no more than 2 hours old registered at badip.com and blocklist.de.
Tor - The contents of this feed are hosts that are known to be Tor exit nodes.
Around the corner...
In a few short weeks, we'll be providing a free client application to manage these tasks!