Question 1

How can I add a new threat intelligence source to awesome-threat-intelligence?

Accepted Answer

You can contribute by following the guidelines in the CONTRIBUTING.md file, which involves submitting a pull request with the resource details in the appropriate table format. This helps keep the list current and comprehensive through community efforts.

Question 2

What are the best free IP blocklists for network security?

Accepted Answer

The Sources section includes several free options like AbuseIPDB, Binary Defense IP Banlist, and IPsum, but reliability varies. It's recommended to test them in your environment and consider factors like update frequency and false positive rates.

Question 3

awesome-threat-intelligence vs MISP: which should I use?

Accepted Answer

Awesome Threat Intelligence is a curated list of resources for discovery, while MISP is a full-fledged platform for sharing and analyzing threat data. Use the list to find tools and feeds, and MISP for operational intelligence management and collaboration.

Question 4

How to build a threat intelligence pipeline using resources from this list?

Accepted Answer

Start by selecting feeds from the Sources section, use frameworks like IntelMQ or OpenCTI from the Platforms category for ingestion, and integrate analysis tools like YARA or Cortex. Manual configuration and testing are required to ensure compatibility and effectiveness.

Question 5

Are the STIX/TAXII feeds listed here compatible with commercial SIEMs?

Accepted Answer

Many feeds support STIX/TAXII formats, as highlighted in the Formats section, but compatibility depends on the specific SIEM. You may need intermediary platforms like OpenCTI or Anomali STAXX to translate and ingest the data seamlessly.

Question 6

What are some alternatives if I want a more interactive threat intelligence database?

Accepted Answer

Consider platforms like AlienVault OTX, Recorded Future, or open-source options like OpenCTI and IntelOwl, which offer interactive features, real-time data, and built-in analysis tools beyond a static directory.

Awesome Threat Intelligence

What is Awesome Threat Intelligence?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions