Threat Intelligence
Threat intelligence in cybersecurity refers to the collection and analysis of information about potential security threats and vulnerabilities. It involves gathering and analyzing data from a variety of sources, including open source intelligence, proprietary data, and technical data, in order to understand the nature and scope of potential threats and to develop strategies for mitigating those threats. Threat intelligence can be used to identify and prioritize potential threats, to develop and implement security controls and policies, and to respond to potential security incidents. It is an important aspect of cybersecurity, as it helps organizations to stay informed about the latest threats and vulnerabilities and to take proactive steps to protect against them.
- abuse.ch is a website that tracks and collects information about various types of malware, including ZeuS, SpyEye, Palevo, and Feodo. The site maintains databases of known malware samples and provides tools and resources for analyzing and tracking the spread of these threats. It is a useful resource for cybersecurity professionals and researchers interested in tracking and understanding the behavior of these types of malware.
- Emerging Threats is an open source project that provides a range of tools and resources for detecting and responding to emerging cyber threats. The project maintains a database of known threats and provides a variety of tools and resources for analyzing and tracking the spread of these threats. It is a useful resource for cybersecurity professionals and researchers interested in staying up-to-date on the latest threats and vulnerabilities.
- PhishTank is a website and database that tracks and collects information about phishing attacks. The site maintains a database of known phishing attacks and provides tools and resources for analyzing and tracking the spread of these threats. It is a useful resource for cybersecurity professionals and researchers interested in understanding and protecting against phishing attacks.
- The Spamhaus Project is a website and database that tracks and collects information about phishing attacks. The site maintains a database of known phishing attacks and provides tools and resources for analyzing and tracking the spread of these threats. It is a useful resource for cybersecurity professionals and researchers interested in understanding and protecting against phishing attacks.
- Internet Storm Center is a website that provides real-time information on cyber threats and vulnerabilities. It is operated by the SANS Institute, a leading cybersecurity training and research organization. The ISC collects and analyzes data from a wide range of sources, including security devices, servers, and networks, to provide timely and accurate information on potential security threats. It is a valuable resource for cybersecurity professionals and network administrators looking to stay up-to-date on the latest threats and vulnerabilities.
- AlienVault Open Threat Exchange (OTX) is a community-driven platform that is used to share and analyze threat intelligence. It is designed to allow cybersecurity professionals and researchers to share and collaborate on threat data, and to use this data to identify and respond to potential threats.
- Tor Bulk Exit List is a list of known exit nodes for the Tor network, which is a privacy-focused network that is often used by malicious actors. The list is maintained by the Tor Project and is used to identify and block traffic from known malicious exit nodes. See also: TOR Node List / DNS Blacklists.
- OpenVAS NVT Feed is a collection of network vulnerability tests (NVTs) that are used by the OpenVAS vulnerability scanning tool. The feed is updated regularly with new NVTs and is used to identify and assess the security posture of networks and systems.
- Project Honey Pot is an online system that is used to identify and track the activities of malicious actors on the internet. It is designed to gather and share intelligence about spam, phishing, and other types of online fraud, and is used by cybersecurity professionals to identify and respond to potential threats.
- VirusTotal is a website that allows users to scan files and URLs for malware and other security threats. It uses a variety of antivirus engines and other security tools to identify potential threats, and provides detailed reports on the results of the scan. VirusTotal is a useful resource for individuals and organizations looking to protect their systems and networks from malware and other security threats.
- IntelMQ is an open source tool that is used to collect, process, and analyze security-related data and events. It is designed to provide real-time intelligence on potential security threats, and is often used by cybersecurity professionals and network administrators to monitor and protect against threats to their systems and networks. See also: ENISA Homepage.
- CIFv3 (Collective Intelligence Framework) is a tool for collecting, analyzing, and sharing threat intelligence. It is designed to enable organizations to gather and share information about potential cyber threats, and to use this information to identify and respond to potential incidents. CIFv3 is an open source tool that is widely used by cybersecurity professionals and incident responders to gather and analyze threat intelligence.
- MISP (Malware Information Sharing Platform) is an open source platform that is used to collect, share, and analyze threat intelligence. It is designed to enable organizations to share information about potential cyber threats, and to use this information to identify and respond to potential incidents. MISP is widely used by cybersecurity professionals and incident responders to gather and analyze threat intelligence.
- PhishStats is a tool that is used to analyze and track phishing attacks and other types of cyber threats. It is designed to help organizations understand the nature and extent of phishing threats, and to identify and respond to potential incidents. PhishStats is often used by cybersecurity professionals and incident responders to gather and analyze threat intelligence.
- URLVOID is a tool that is used to analyze and track malicious URLs. It is designed to help organizations identify and respond to potential threats, and to protect against phishing attacks and other types of malicious web content. URLVOID is often used by cybersecurity professionals and incident responders to gather and analyze threat intelligence.
- IPVOID is a tool that is used to analyze and track malicious IP addresses. It is designed to help organizations identify and respond to potential threats, and to protect against network attacks and other types of malicious activity. IPVOID is often used by cybersecurity professionals and incident responders to gather and analyze threat intelligence.
- Central Ops is a threat intelligence platform that is designed to help organizations identify and respond to potential security threats. It provides a centralized repository of data and tools for analyzing and tracking threats, and is often used by cybersecurity professionals to identify and respond to potential security incidents. Central Ops allows users to access a wide range of data sources, including internet scans, blacklists, and threat feeds, in order to identify potential threats and vulnerabilities.
- Forcepoint CSI is a threat intelligence platform that is designed to help organizations identify and respond to potential security threats. It provides a range of tools and services for analyzing and tracking threats, including real-time monitoring, data analysis, and incident response capabilities. Forcepoint CSI is often used by cybersecurity professionals to identify and respond to potential security incidents, and is designed to help organizations protect against a wide range of threats, including malware, phishing attacks, and network attacks.
- AbuseIPDB is a threat intelligence platform that is designed to help organizations identify and report on potential security threats. It provides a database of IP addresses that have been reported as being involved in malicious activity, such as spamming, hacking, or phishing. AbuseIPDB is often used by cybersecurity professionals to identify and report on potential security threats, and is available as a free service to help organizations protect against cyber threats.