What are Threat Intelligence Data Feeds?
Threat intelligence data feeds are sources of information that provide insights into various types of cyber threats, vulnerabilities, and malicious activities. These feeds are typically collected and disseminated by security vendors, research organizations, or threat intelligence platforms like ours.
They are usually provided as downloadable files for further processing within an organization’s security system. Sometimes they are delivered as real-time streaming services, where information about a threat is streamed as soon as the vendor discovers an artifact, allowing the organization to respond faster.
The data files include structured and contextualized Indicators of Compromise (IoCs): artifacts or patterns that indicate a potential security threat. IoCs include IPv4/IPv6 addresses, CIDRs, domain names, URLs, and file hashes, each attributed to the context of the malicious activity.
If any of these potentially malicious indicators appear in system or server logs, they should be either automatically blocked or flagged and passed to the security team to investigate the potential incident.
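One way to match feed indicators against log lines, as an added example that is not the vendor's own code. The CSV layout, the sample indicators and the log lines are constructed, and the policy of blocking exact matches while flagging CIDR and domain matches is an assumption.

```python
import csv, io, ipaddress, re, urllib.parse

FEED_CSV = """type,value,context
ipv4,203.0.113.45,botnet C2
ipv6,2001:db8::bad,phishing host
cidr,198.51.100.0/24,scanning range
domain,malicious.example,malware distribution
url,http://files.example.net/payload.bin,dropper download
"""  # constructed feed; the type,value,context layout is an assumption
LOG_LINES = [  # constructed sample log lines
    "fw ALLOW src=10.0.0.5 dst=203.0.113.45 dport=443",
    "sshd Failed password for root from 198.51.100.77 port 22",
    "dns query cdn.malicious.example A client=10.0.0.9",
    "proxy GET http://files.example.net/payload.bin 200",
    "smtp connect from 2001:DB8::BAD helo=mail",
    "dns query notmalicious.example A client=10.0.0.9",
]
SPLIT = re.compile(r"[\s=\"'\[\],]+")  # crude tokenizer for key=value style logs

def load_feed(text):
    exact, nets, domains = {}, [], {}
    for row in csv.DictReader(io.StringIO(text)):
        kind, value, ctx = row["type"], row["value"].strip(), row["context"]
        if kind == "cidr":
            nets.append((ipaddress.ip_network(value), ctx))
        elif kind == "domain":
            domains[value.lower().rstrip(".")] = ctx
        else:  # IPs stored in canonical form; URLs and file hashes verbatim
            is_ip = kind in ("ipv4", "ipv6")
            exact[str(ipaddress.ip_address(value)) if is_ip else value] = ctx
    return exact, nets, domains

def match_token(tok, exact, nets, domains):
    try:
        ip = ipaddress.ip_address(tok)
        tok = str(ip)  # canonical form, e.g. lower-case compressed IPv6
    except ValueError:
        ip = None
    if tok in exact:  # assumed policy: exact hits are blocked
        return ("block", tok, exact[tok])
    if ip is not None:  # assumed policy: range and domain hits are flagged
        return next((("flag", str(n), c) for n, c in nets if ip in n), None)
    host = urllib.parse.urlsplit(tok).hostname if "://" in tok else tok
    parts = (host or "").lower().rstrip(".").split(".")
    cands = (".".join(parts[i:]) for i in range(len(parts) - 1))  # label-aligned
    return next((("flag", c, domains[c]) for c in cands if c in domains), None)

def scan(lines, feed):
    return [(n, *hit) for n, line in enumerate(lines, 1)
            for tok in SPLIT.split(line) if (hit := match_token(tok, *feed))]
```

Domain indicators are compared on label boundaries, so `cdn.malicious.example` matches the feed entry while `notmalicious.example` does not, which a plain substring search would get wrong.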