RISE member Andrew Beard provided resources and tips for selecting open source data feeds for your threat intelligence platforms. Special thanks to R&K Solutions for hosting this event!
Andrew provided an overview of available resources for ‘hard’ threat intel – things that can be leveraged in an automated way. Along the way he offered some tips and cautions on selecting intel sources and deploying them into a production environment. Spoiler: always research what you are getting, and test before moving into blocking mode!
Links to some of the resources that Andrew discussed during his brief are below. (RISE does not recommend or endorse any commercial products. This information is provided as a courtesy to attendees who would like to research for further information.)
Bambenek Consulting feeds – feeds for non-commercial and licensed commercial use
Abuse.ch – Swedish organization with feeds for malware, SSL, and URLs
AlienVault OTX – Malware indicators and information on adversaries
CleanMX – Public query for virus URI
Malware Domain List – Queryable list of malicious domains