Tuesday, April 8, 2014

SOC threat feeds

Everyone working in a SOC knows the importance of threat feeds.
Feeds are databases of IPs that are infected with malware, act as C&C (Command & Control) servers, belong to botnets, send spam, etc.

Feeds are part of a SOC's intelligence: the SOC correlates this data with other sources of information to make the right decisions.

I will list here the most common and widely used open feeds (with a short description) that you can find on the internet:

  • OpenNTP Project
    Search for open NTP servers in your IP space (open NTP servers are often used to amplify DDoS attacks).
  • Malc0de
    "Updated database of domains hosting malicious executables".
  • Malware Black List
    "Website designed for security researchers looking for malware URLs and samples".
  • Malware Domain List
    "Featuring a list of malware-related sites".
  • Malware Patrol
    "A free, automated and user contributed system for checking URLs for the presence of Malware".
  • VX Vault
    "List of IP/domains hosting malware".
  • URLquery
    "Service for detecting and analyzing web-based malware".
  • CleanMX
    "A spam and virus management system for mail servers".
  • Abuse.ch
    "Multiple trackers for botnet, malware, spam, etc".
  • HpHosts
    "Freely downloadable community managed hosts file for ad and malware site blocking".
  • UCEProtect-Network
    Mail abuse database.
  • C-Sirt
    "The aim of cyscon SIRT is to minimize unattended third party manipulations by notifying the responsible parties, before Google or any other blacklisting provider detect it."
  • Alien Vault - Open Threat Exchange (Free Reputation Monitor Alert Service)
    "A system for sharing threat intelligence among OSSIM users and AlienVault customers".

Of course there are also some "professional" feeds available for a yearly subscription fee, such as Symantec DeepSight, Verisign iDefense Threat Awareness Services, McAfee Global Threat Intelligence for Enterprise Security Manager, etc., which I suggest correlating with the "open source" feeds I just listed.

Enjoy and keep your data safe,


