Abuse.Ch T.I. Feeds Are Good

ThreatIntelligenceLab.com

For those who have been in the cyber threat intelligence field for a while, the service Abuse.ch is no stranger.

But if you are not familiar with them, this is your chance to get a good view of what they offer and how you can get the most out of their services.

The abuse.ch community has a wide range of threat intelligence platforms, on which they share crucial and quite reliable indicators of compromise.

At the time of writing, they have 6 platforms that are up and running.

6 Platforms on Abuse.ch that can be used to gather IOC and enhance CTI.

These 6 platforms are:

  • MalwareBazaar: A malware sharing community
  • Feodo Tracker: A command and control tracking service
  • SSL Blacklist: A JA3 and malicious SSL certificates collection
  • URLhaus: A community that also shares network indicators of dirty sites
  • ThreatFox: Another threat sharing platform
  • YARAify: Yet another YARA sharing platform

We highly recommend taking a look at each of these platforms and investigating whether they can be of use and whether they should be indexed in your own datasets.

Each of the platforms has its own license on how the data can be used.

Some of them also allow commercial use. This can save a lot of hassle, and can help threat intelligence startups get the basic feeds into their threat intelligence platforms.

Is it Paid?

This really depends on which service you are using, but whenever in doubt, simply contact them.

The cybersecurity industry has to work together, and it never hurts to ask them about the details.

We are certain that some of their platforms provide free services, and you are allowed to resell it.

What Can You Expect?

Expect a lot of data. Parse it, and store it in the right format. They have JA3 fingerprints [1], SSL checksums [2], network indicators and malware checksums.

Aside from that, they track botnets [3] and actively share this with the public. Yes, get in touch with them or visit their website.

What About the False Positive Rates?

Just like with any online service, you need to parse the data and filter it. Don’t trust the data blindly.

But... when compared to the AlienVault OTX platform, we can certainly say that the quality of Abuse.ch is better. There... we said it.
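The "parse and filter, don't trust blindly" advice above, sketched as an added example that is not code from the original article or from Abuse.ch. The feed is a constructed CSV sample; its column names, the allowlisted range and the 30-day freshness cutoff are assumptions for illustration.

```python
import csv
import ipaddress
from datetime import date, timedelta

# Constructed sample feed; the column names are an assumption for this example,
# so check the header of the CSV you actually download. Documentation-range
# addresses stand in for public IPs.
SAMPLE_FEED = """\
# constructed sample, not real feed data
"first_seen_utc","dst_ip","dst_port","last_online","malware"
"2024-01-10 08:00:00","203.0.113.15","443","2024-03-01","ExampleBot"
"2024-01-11 09:30:00","10.0.0.5","8080","2024-03-01","ExampleBot"
"2024-01-12 07:15:00","198.51.100.7","447","2024-03-02","ExampleBot"
"2024-02-02 10:00:00","not-an-ip","443","2024-03-01","ExampleBot"
"2023-11-01 11:00:00","192.0.2.44","443","2023-11-20","OtherBot"
"2024-02-03 16:45:00","203.0.113.80","8080","2024-02-20","OtherBot"
"""

# Ranges that must never reach a blocklist. With real feed data, rejecting
# every address where `not ip.is_global` is the stricter check; it is not used
# here because it would also reject the documentation ranges in the sample.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "::1/128", "fc00::/7")]

def filter_feed(text, allowlist, today, max_age_days=30):
    """Return (accepted, rejected): entries to load and (value, reason) pairs."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    rows = (l for l in text.splitlines() if l.strip() and not l.startswith("#"))
    accepted, rejected = [], []
    for row in csv.DictReader(rows):
        raw = row.get("dst_ip")
        try:
            ip = ipaddress.ip_address(raw)
            port = int(row["dst_port"])
            last_online = date.fromisoformat(row["last_online"])
        except (KeyError, TypeError, ValueError):
            rejected.append((raw, "malformed"))
            continue
        if any(ip in net for net in NON_ROUTABLE):
            rejected.append((raw, "non-routable"))
        elif any(ip in net for net in allowed):  # your own or partner ranges
            rejected.append((raw, "allowlisted"))
        elif today - last_online > timedelta(days=max_age_days):
            rejected.append((raw, "stale"))  # old C2 IPs get reassigned
        else:
            accepted.append({"ip": str(ip), "port": port, "malware": row["malware"]})
    return accepted, rejected

if __name__ == "__main__":
    ok, dropped = filter_feed(SAMPLE_FEED, ["198.51.100.0/24"], date(2024, 3, 5))
    print(ok, dropped, sep="\n")
```

Keeping the rejected entries together with their reasons lets you review what the filter removed instead of silently losing indicators.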

How Can I Use The Threat Intelligence Feed?

Simply navigate to the platform you like, and search for their Blacklist page. Abuse.ch offers multiple options to download the feeds.

Abuse.ch offers multiple ways to download and use their blacklists.

As you can see, you can download the blacklists in CSV format or use their API. Most likely, if you get in touch with Abuse.ch, they will have more options available for you (these might be commercial licenses).

And that is it. We hope you enjoyed this dive into the services of Abuse.ch. If you haven’t done it yet — don’t wait, and start using their cyber threat intelligence feeds.

  1. https://sslbl.abuse.ch/ja3-fingerprints/
  2. https://sslbl.abuse.ch/ssl-certificates/
  3. https://urlhaus.abuse.ch/browse/