10 of the Best Open Source Threat Intelligence Feeds

By Walker Banerd April 30, 2019 security-orchestration-automation-response

Cybersecurity threats are evolving rapidly, and with the hectic schedule that most security professionals have, there isn’t time to stay up to date with the latest information. That’s why threat intelligence is an important component of any company’s security operations. Many threat intelligence sources require expensive subscriptions, but there are fortunately many free and affordable options. Here are 10 of the best open source threat intelligence platforms.

 

1. Department of Homeland Security: Automated Indicator Sharing

Private companies are able to report cyber threat indicators with the DHS, which are then distributed via the Automated Indicator Sharing website. This database helps reduce the effectiveness of simple attacks by exposing malicious IP addresses, email senders, and more.

 

2. FBI: InfraGard Portal

The FBI’s InfraGard Portal provides information relevant to 16 sectors of critical infrastructure. Private and public sector organizations can share information and security events, and the FBI also provides information on cyber attacks and threats that they are tracking.

 

3. @abuse.ch: Ransomware Tracker

Ransomware Tracker collects data related to ransomware attacks so that security teams can check IP addresses and URLs against those that are known to be involved in attacks. The tracker provides detailed information on the servers, sites, and infrastructure that have been exploited by ransomware actors, as well as recommendations for preventing attacks.

 

4. SANS: Internet Storm Center

The Internet Storm Center, formerly known as the Consensus Incidents Database, came to prominence in 2001, when it was responsible for the detection of the “Lion” worm. It uses a distributed sensor network that takes in over 20 million intrusion detection log entries per day to generate alerts regarding security threats. The site also provides analysis, tools, and forums for security professionals.

 

5. VirusTotal

VirusTotal uses dozens of antivirus scanners, blacklisting services, and other tools to analyze and extract data from files and URLs submitted by users. The service can be used to quickly check incidents like suspected phishing emails, and every submission is retained in its database to build a global picture of cyber threats.

 

6. Cisco: Talos Intelligence

The Talos threat intelligence team protects Cisco customers, but there is a free version of their service available. Talos’ unmatched tools and experience provide information about known threats, new vulnerabilities, and emerging dangers. Talos also provides research and analysis tools.

 

7. Palo Alto: MineMeld

MineMeld aggregates and correlates threat intelligence feeds, tracks URLs and IPs, extract and shares indicators, and more. It also has features for enforcement of rules across security tools. MineMeld is available on GitHub. Users can contribute code to the open-source repository.

 

8. Google: Safe Browsing

The Safe Browsing service identifies dangerous websites and shares the information to raise awareness of security risks. Safe Browsing finds thousands of unsafe sites every day, many of which are legitimate sites that have been compromised by hackers.

 

9. Information Sharing and Analysis Centers

While some ISAC feeds are quite expensive, others are free. You can find the ISAC for your industry on this website.

 

10. Spamhaus

Spamhaus is a European non-profit that tracks cyber threats and provides real-time threat intelligence. Spamhaus has developed comprehensive block-lists for known spammers and malware distributors, which they provide to ISPs, email service providers, and individual organizations.

 

D3’s SOAR platform integrates with 200+ security tools, including threat intelligence platforms, in order to automatically enrich incident reports with the contextual data that security analysts need to quickly identify genuine threats. Schedule a demo today to learn from one of our product experts how D3 can seamlessly bring threat intelligence into your security operations workflows.

Walker Banerd

Walker Banerd

Walker is the Communications Manager at D3. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.


Comments

comments for this post are closed