Go Back

Cyber Threat Intelligence Feeds | Secure your network before an attack

May 24, 2017


Which malicious malware attack does your boss need you to block today? Blueliv Cyber Threat Intelligence Feeds provide security information that’s granular, industry specific and on time.

Experts from respected think tanks like Gartner and RSA agree. Knowledge-based information and targeted action are having a profoundly positive effect on enterprise security.

Threat Intelligence Data Feed uncovers traces left by cyber criminals and pinpoints the source.

Big data exposes criminal motives and modus operandi. It provides specific real-time threat particulars and trends. Analysts then convert that information into actionable response. You and your boss can respond to up-to-the-minute cyberattacks proactively.

Cyber attacks are becoming more and more sophisticated. Firewalls and Malware Detection software alone leaves your enterprise vulnerable. Perpetrators of today leverage these gaps to infiltrate malware into your enterprise systems.

To be effective, threat intelligence must provide data-driven, time-relevant solutions. Intelligence must be based on geo-specific and industry-specific environments.

The security posture with the most consistently proven success rate is a pre-emptive one.

That is why threat intelligence is on the rise.


What Criminal Monitoring Gives You

Blueliv plumbs and deciphers hundreds of sources. Round-the-clock targeted sources glean details from verified online crime servers conducting malicious activity.

Our analysts and global partners review infected bot IPs, malware hashes and hacktivism activities.

The Blueliv Threat Intelligence Data Feed provides high-impact results rapidly.

Users can understand what attack vectors malicious actors are using.  They can interpret potential indicators of compromise (IOC) and deploy mitigation solutions.

The Feed identifies emerging threats. Teamwork and community support can uncover things that single operators might miss. That community includes external cyber-security experts and leading technology companies. Sharing threat data, trends, and best practices is a standard industry procedure.

As a community, cyber defenders innovate better. Global companies in the financial services, telecommunications, and utilities have come to rely on Threat Intelligence Data Feed.


Blueliv delivers 2 levels of Threat Intelligence

Level 1 is our Threat Intelligence Data Feed. It’s preventative, and blocks threats, and can be integrated into preferred security solutions such as Firewall, SIEM, IPS, Anti-spam via API and SDK.

Level 2 is our Threat Intelligence Platform. It’s more diagnostic and crime specific and offers highly specialized modules that can get your enterprise back on track.

They complement each other. Both offer outstanding security solutions in real-time. But how do you know which type of threat intelligence is right for your network security?

The right choice for your enterprise is determined by your priorities.


Threat Intelligence Data Feed

Blueliv Cyber Threat Intelligence Data Feed distils only what YOU need:

It allows your organization to track in real-time the threats that align against it. You can quantify and qualify what attack vectors malicious attackers are using.

Blueliv analysts tap and analyze hundreds of sources for the unique intelligence relevant to your area. We harvest verified online crime-server activity, identify infected bot IPs, malware hashes and hacktivism trends.

Our Feed offers rapid, high-impact results. Users can understand current attack vectors. You can identify potential indicators of compromise (IOC) and deploy mitigation solutions.


Key Features of the Data Feed

Blueliv Threat Intelligence Data Feed builds a holistic and dynamic security infrastructure that will result in:

  1. Global Threat Intel Delivered for Your Location

Global businesses need global intel. Banks and other worldwide organizations rely on information to protect all assets. Our analyst team identifies malware threats using:

  • Sandboxes
  • Honeypots
  • Honey clients
  • Spam mailboxes
  1. Continuous Real-Time Updates

The Blueliv Feed constantly tracks threats. Real-time updates provide clients with ultra-fresh intelligence. Live threats that target their users and customers enable security analysts to identify clear IOCs. Information is crowd-sourced reducing the false positive ratio. You have access to run unlimited queries.

  1. Unique Comprehensive Range of Cyber Threat Intelligence

The Feed provides data relating to crime servers, BotIP, malware hashes and hacktivism. It aggregates data from a wide range of open sources. It includes both private and proprietary intelligence and uses sinkhole sites, malware repositories and the alliances and collaborations with different organizations.

  1. Machine-Readable Threat Intelligence

The Data has been translated from human to machine-readable formats such as JSON and STIX/TAXI for immediate integration into other security engines.

This allows rapid dispersion to the cloud and on-premises infrastructure. Through this capability, the client can do 3 things:

  • Increase threat visibility
  • Improve their security posture
  • Enhance threat context

Blueliv uses the standard Structured Threat Information eXpression (STIX) to represent structured cyber threat information. It’s available to get feeds with REST architecture, HTTP protocol, and JSON format.

  1. Easy and Direct Integration

It’s easy to setup and easy to integrate quickly into your SIEM and other security products. It uses a single point of contact (API) or official security vendor applications markets. Plugins are available for Splunk, AlienVault, ArcSight, Logstash and a powerful SDK for integration.


Intelligence and data provided in our single and unique feed:

  • Crime servers: a full set of malicious URLs, where we see malicious activity, many times categorized according to the following types:
    • C&C
    • Exploit Kits (malware distribution & end-user infection)
    • Phishing sites
    • Malware dropper URLs.

All the provided information is enriched in our threat intelligence central unit. It provides metadata, such as geolocation, types & subtypes, ASN information, status (identifies if the threat is still alive or not), confidence and ratio.

  • Bot IPs: a set of IPs that we identify as infected in our distributed sinkholing network. We are able to flag IPs that are infected with well-known active trojans that are found in the wild. We can gather information, such as: IP, geolocation, OS, User Agent, and malware infection
  • Malware Hashes: are a set of potentially unwanted binary hashes that are potentially harmful to your organization. Blueliv uses malware hash-gathering techniques to validate in our malware sandbox. Our technology reveals the final verdict of whether a hash is malicious or not. Behavior signatures and different patterns indicate malicious action (IOC), and malware type, etc.
  • Attacking IPs: a set of bad reputation, IP data is gathered in our widely distributed honeypot environments. All the attacks that we receive in such environments are highly monitored and converted back into this package of information. It provides information of potentially unwanted IPs that you can block in your perimeter firewalls or sensitive corporate applications. You will also glean extra data, such as the type of attack, geolocation, etc.
  • Hacktivism OPs: a feed of hashtags related to hacktivism operations that are seen in social network environments. According to hackers’ Terrorist Tactics, techniques, and procedures (TTPs), often they target an organization and/or publish a hack [leak], they claim it through Social Networks.

Stay tuned and monitor what’s going on in terms of hack #Ops. You get global statistics about activities classified by country and #op.


For more info about how the feed data looks, check:

API Doc:


Ask for a trial now!

Community Support Demo