
v21 Third Party Feeds

Hey all

With v21 accepting third party feeds I was hoping to ingest the CTIS data from the ACSC but it's in STIX format and the v21 only supports IoC one per line format.

I have found a couple of IP Lists to pull threat data from to add.

TorNodes for all Tor related IPs and also TALOS have a feed (both have about 1200-1500 IPs) - I can share the URL if needed but the forum blocks me if I post them :-0

What other feeds do you have or are looking to add?



Edited TAGs
[edited by: Erick Jan at 12:24 AM (GMT -7) on 23 Oct 2024]
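
The STIX versus one-IoC-per-line mismatch raised in the post above can be bridged with a small converter. This is an added example, not part of the original post and not Sophos or ACSC code; it assumes the feed arrives as a STIX 2.x JSON bundle, and the function name, sample bundle and all values in it are constructed for illustration.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Only simple equality comparisons are read, e.g. [ipv4-addr:value = '192.0.2.10'];
# values containing quotes or backslashes are skipped rather than guessed at.
COMPARISON = re.compile(r"\b(ipv4-addr|domain-name|url):value\s*=\s*'([^'\\]*)'")

# Constructed sample bundle (documentation addresses and names, not real intelligence).
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '192.0.2.10' OR ipv4-addr:value = '198.51.100.0/24']"},
    {"type": "indicator", "pattern_type": "stix", "valid_until": "2020-01-01T00:00:00Z",
     "pattern": "[domain-name:value = 'expired.example']"},
    {"type": "indicator", "pattern_type": "stix", "revoked": True,
     "pattern": "[url:value = 'http://revoked.example/a']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'Bad.Example.'] OR [url:value = 'http://bad.example/x']"},
]})


def _expired(indicator, now):
    until = indicator.get("valid_until")
    return bool(until) and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now


def stix_to_feeds(bundle_json, now=None):
    """Return one sorted, de-duplicated IoC list per STIX observable type."""
    now = now or datetime.now(timezone.utc)
    feeds = {"ipv4-addr": set(), "domain-name": set(), "url": set()}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        if obj.get("revoked") or _expired(obj, now):
            continue  # never block on withdrawn or stale intelligence
        for kind, value in COMPARISON.findall(obj.get("pattern", "")):
            if kind == "ipv4-addr":
                try:
                    ipaddress.IPv4Address(value)  # skips CIDR ranges and malformed values
                except ValueError:
                    continue
            elif kind == "domain-name":
                value = value.lower().rstrip(".")
            if value and not any(ch.isspace() for ch in value):
                feeds[kind].add(value)
    return {kind: sorted(values) for kind, values in feeds.items()}
```

Joining each returned list with newlines gives a one-IoC-per-line text file per indicator type. Indicators whose patterns use anything other than a plain equality test are left out, so compare the output count against the bundle before relying on it.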
  • I think this would be interesting for everyone to see what (free) feeds may be useful here... But we have to be careful because posting links may lead to account blocks for spamming here in the forum... so just add the https to the links (I hope this will work now)

    I found these lists in a Sophos KB-Article:


        rules.emergingthreats.net/blockrules/compromised-ips.txt
        check.torproject.org/torbulkexitlist

    URLs

        osint.digitalside.it/Threat-Intel/lists/latesturls.txt
        urlhaus.abuse.ch/downloads/text/

    Domains

        raw.githubusercontent.com/disposable-email-domains/disposable-email-domains/master/disposable_email_blocklist.conf
        osint.digitalside.it/Threat-Intel/lists/latestdomains.txt

    regards

  • Thanks Steve

    Added

    Check out:  blocklist.de/en/export.html

    Note: All IP addresses that have attacked one of our customers/servers in the last 48 hours.

    I have now:
