Top open source and commercial threat intelligence feeds | TechTarget
The Shadowserver Foundation is a nonprofit organization that collects data on malware, IP addresses, SSL certificates and other IOCs. This data is shared with thousands of verified network owners every day through reports. Teams can also use APIs to process the reports as a machine-readable threat intelligence feed.

Vendors of commercial cybersecurity threat intelligence feeds charge subscription fees. The primary advantage of commercial feeds over open source feeds is the dedicated human and automated resources that commercial feed vendors have for analyzing and enriching IOC data.

CrowdStrike Falcon Adversary Intelligence provides a variety of threat intelligence-related features that can be integrated with a company's existing detection technologies. Capabilities include a sandbox for evaluating malware, dark web activity monitoring and an IOC threat intelligence feed. Premium features include YARA and Snort detection rule support and access to threat hunting libraries and special threat reports.

ESET's Global Threat Intelligence features many real-time IOC feeds in JSON and STIX formats. Feeds include the following: Additional feeds pertain to particular types of threats, including Android infostealers and other Android threats, scam URLs, crypto scams, malicious email attachments, phishing URLs, SMS phishing domains and SMS scams.

FalconFeeds.io brings together dark web, deep web and open web intelligence. Teams can integrate the feed with their detection technologies through an API. It has three subscription tiers:

GreyNoise provides real-time IP address blocklists for firewalls and other network infrastructure and network security technologies to ingest and use. It includes a set of predefined blocklists for addresses attacking several security vendors and their products, addresses sending traffic from certain countries, all addresses recently generating suspicious network traffic and addresses observed exploiting vulnerabilities or participating in botnets. Two options are available. GreyNoise Block is intended for smaller organizations; the full GreyNoise platform is geared to larger ones.

OpenPhish specializes in phishing IOC threat intelligence data. It offers three tiers. The Community tier is free, but is only updated twice daily and contains only a subset of phishing URLs. The Premium and Platinum tiers offer comprehensive phishing URLs, phishing IP addresses, SSL metadata and permission for organizations to reuse the data for commercial purposes.