Meeting Notes – Threat Intel 101

RISE member Andrew Beard provided resources and tips for selecting open source data feeds for your threat intelligence platforms. Special thanks to R&K Solutions for hosting this event! Click through for links to video and slide presentation.

View recording on the RISE YouTube Channel

View slides on Andrew Beard’s GitHub

Andrew provided an overview of available resources for ‘hard’ threat intel – indicators that can be consumed in an automated way. Along the way he gave some tips and cautions on selecting intel sources and deploying them into a production environment. Spoilers: always research what you are getting, and test before moving into blocking mode!
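The “test before blocking” advice above can be turned into a dry run. The following is an added example, not code from the talk or from any of the feed providers: it parses a constructed hosts-file style feed, replays it against constructed DNS log lines, and reports what would have been blocked plus any collisions with an allowlist of domains the business depends on. The feed format, log format and allowlist are assumptions for the illustration.

```python
"""Dry-run a domain feed against sample DNS logs before enabling blocking."""
from collections import Counter

# Constructed sample feed in hosts-file style; these are not real indicators.
SAMPLE_FEED = """# constructed feed for testing
127.0.0.1 bad.example
127.0.0.1 evil-cdn.example
127.0.0.1 cdn.example   # over-broad entry that would break a real dependency
"""

# Constructed DNS log lines: "<timestamp> <client> <queried name>".
SAMPLE_LOG = """2024-01-01T10:00:00Z 10.0.0.5 bad.example
2024-01-01T10:00:01Z 10.0.0.6 cdn.example
2024-01-01T10:00:02Z 10.0.0.7 www.cdn.example
2024-01-01T10:00:03Z 10.0.0.8 good.example
"""

ALLOWLIST = {"cdn.example"}  # assumed: domains production depends on

def parse_hosts_feed(text):
    """Return the set of domains from a hosts-style feed, ignoring comments."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2:
            domains.add(parts[1].lower().rstrip("."))
    return domains

def matches(qname, feed):
    """True if qname or any parent domain is listed (bad.example covers www.bad.example)."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in feed for i in range(len(labels)))

def dry_run(feed_text, log_text, allowlist):
    """Report what the feed would block without blocking anything."""
    feed = parse_hosts_feed(feed_text)
    collisions = sorted(d for d in allowlist if matches(d, feed))
    would_block = Counter()
    for line in log_text.splitlines():
        _ts, _client, qname = line.split()
        if matches(qname, feed):
            would_block[qname] += 1
    return {
        "feed_size": len(feed),
        "allowlist_collisions": collisions,
        "would_block": dict(would_block),
        "safe_to_block": not collisions,  # gate blocking mode on zero collisions
    }

if __name__ == "__main__":
    print(dry_run(SAMPLE_FEED, SAMPLE_LOG, ALLOWLIST))
```

Run it against a day of real resolver logs and the feed you are evaluating; a non-empty `allowlist_collisions` list or an implausibly large `would_block` count is the signal to keep the feed in alert-only mode.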

Links to some of the resources that Andrew discussed during his talk are below. (RISE does not recommend or endorse any commercial products. This information is provided as a courtesy to attendees who would like to research further.)

Bambenek Consulting feeds – feeds for non-commercial and licensed commercial use

Abuse.ch – Swedish organization with feeds for malware, SSL, and URLs

Alienvault OTX – Malware indicators and information on adversaries

CleanMX – Public query for virus URI

Malware Domain List – Queryable list of malicious domains