Feeds are databases of IPs (and often domains or URLs) associated with malware, C&C (Command & Control) servers, botnets, spam sending, etc.
Feeds are part of the intelligence of a SOC, which correlates this data with other sources of information in order to make the right decisions.
I will list here the most common, widely used and open feeds (with a short description) that you can find on the internet:
- OpenNTP Project
Search for open NTP servers in your IP space (open NTP servers are often abused to amplify DDoS attacks).
- Malc0de
"Updated database of domains hosting malicious executables".
- Malware Black List
"Website designed for security researchers looking for malware URLs and samples".
- Malware Domain List
"Featuring a list of malware-related sites".
- Malware Patrol
"A free, automated and user contributed system for checking URLs for the presence of Malware".
- VX Vault
"List of IP/domains hosting malware".
- URLQuery
"Service for detecting and analyzing web-based malware".
- CleanMX
"A spam and virus management system for mail servers".
- Abuse.ch
"Multiple trackers for botnet, malware, spam, etc".
- HpHosts
"Freely downloadable community managed hosts file for ad and malware site blocking".
- UCEProtect-Network
Mail abuse database.
- C-Sirt
"The aim of cyscon SIRT is to minimize unattended third party manipulations by notifying the responsible parties, before Google or any other blacklisting provider detects it."
- AlienVault - Open Threat Exchange (Free Reputation Monitor Alert Service)
"A system for sharing threat intelligence among OSSIM users and AlienVault customers".
for Enterprise Security Manager, etc., which I suggest can be correlated with the "open source" feeds I just listed.
Enjoy and keep your data safe,
d.