Michael Lazin via plug on 12 Oct 2020 12:32:28 -0700



Re: [PLUG] Free Open source threat intelligence feeds


Thanks so much for the valuable information.  I just found this one which runs on Linux and has an API.  This looks interesting.

https://www.misp-project.org/

I may have answered my own question with this one.  I am still open to suggestions from anyone, however.  Thanks again for everything.

Sincerely,

Michael 
On Mon, Oct 12, 2020, 3:20 PM JP Vossen via plug <plug@lists.phillylinux.org> wrote:
On 10/12/20 3:10 PM, JP Vossen wrote:
> On 10/12/20 2:29 PM, Michael Lazin via plug wrote:
>> My $work is looking towards the open source community for threat intelligence.  I get the feed from US-CERT and read full disclosure from time to time but I was wondering if anyone could simply recommend a good open source community feed for intelligence on things like malware and cybercriminal gang activities.  I read zdnet too.  I am looking for anything which is niche like an open source community feed.  I realize that you can set up RSS feeds but I was wondering if anyone knew of a pre-existing service like this.  SANS has a high noise level.  Thanks again for your help over the years folks.  I hope everyone is doing well.
>
> I don't think this is what you really mean, but check out: https://rules.emergingthreats.net/.  That's open source Snort compatible rules for...wait for it...emerging threats.  So the threat feed is a bit indirect, but it's something.
>
> Otherwise, yeah, there's some RSS:
>
> RSS that you mentioned:
> * https://www.us-cert.gov/ncas/alerts.xml
> * https://seclists.org/rss/fulldisclosure.rss
>
> Other RSS:
> * https://nvd.nist.gov/download/nvd-rss-analyzed.xml
> * http://www.securityfocus.com/rss/vulnerabilities.xml (Dead 2020-02?)
> * https://isc.sans.edu/rssfeed.xml
> * https://feeds.feedburner.com/TheHackersNews

Oh yeah, drifting even further from the ask, but well worth the read:
* https://www.schneier.com/blog/atom.xml
* https://krebsonsecurity.com/feed/
* https://www.troyhunt.com/rss/
* And for HTTPS/TLS (& a LOT of OT noise that's still fun) https://scotthelme.co.uk/rss/

FWIW I use `Liferea` on Linux Mint for my RSS reader.  I have some feeds in Outlook for $WORK, but that's clunky and buggy as hell!  It's easy to forward useful tidbits to the team though, so...

Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

I just found 
