v21 Third Party Feeds

m8ey-au 27 days ago

Hey all

With v21 accepting third party feeds I was hoping toi ingest the CTIS data from the ACSC but its in STIX format and the v21 only supports IoC one per line format.

I have found a couple of IP Lists to pull threat data from to add.

TorNodes for all Tor related IPs and also TALOS have a feed (both have about 1200-1500 IPS) - I can share the URL if needed but the forum blocks me if I post thgem :-0

What other feeds do you have or are looking to add?

Edited TAGs
[edited by: Erick Jan at 12:24 AM (GMT -7) on 23 Oct 2024]

Top Replies

Wayne Folta 26 days ago in reply to LHerzog +2

[I posted what I'm using in another post, just adding on to LHerzong's point in this post.] EDIT: Sophos folks went above and beyond and found that the "random probes" that I was seeing weren't the usual…

Parents

0 Mike Scott 2 hours ago

Looking at the Talos URL, there is a generic URL that then redirects to the another URL, within XG v21 talosintelligence.com/documents/ip-blacklist isn't pulling a list. I've left off the https on purpose.

Some of the other items I'm looking at were previously on pfblockerng within pfsense. Need to look at Crowdsec and GreyNoise more
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Mike Scott 2 hours ago

Looking at the Talos URL, there is a generic URL that then redirects to the another URL, within XG v21 talosintelligence.com/documents/ip-blacklist isn't pulling a list. I've left off the https on purpose.

Some of the other items I'm looking at were previously on pfblockerng within pfsense. Need to look at Crowdsec and GreyNoise more
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data