Threat Intelligence Feed

Blueliv’s Threat Intelligence Data Feed allows organizations to detect and monitor threats, and to quantify and qualify attack vectors malicious actors are using.

Blueliv continuously scours and analyzes hundreds of sources to provide unique intelligence about verified online crime servers conducting malicious activity, infected bot IPs, malware hashes and hacktivism activities. The high-impact product helps users understand attack vectors and IOCs, and deploy mitigation solutions as quickly as possible.

More than just a data feed

Use the Threat Intelligence Data Feed to build a holistic and dynamic security infrastructure that will result in:

1. Global threat intelligence delivered locally

Intelligent threat identification achieved through a combination of malware sandboxes, honey pots, honey clients and spam mailboxes that allows companies to identify different threat actors around the world.

2. Continuous real-time updates

The Blueliv feed constantly tracks threats and is updated in real time, providing our clients with ultra-fresh and dynamic intelligence. In addition, crowd-sourced information helps clients reduce their false positive ratio. Unlimited queries can be run in real time.

3. Unique comprehensive range of cyber threat intelligence

The feed provides data relating to crime servers, Bot IPs, malware hashes and hacktivism. All aggregated data comes from a wide range of open sources and includes private and proprietary intelligence from sinkholed sites, malware repositories and alliances and collaborations with different organizations.

4. Machine-readable threat intelligence

Data is translated to machine-readable formats to allow for rapid dispersion to cloud and on-premises infrastructure, increasing threat visibility and enhancing threat contextualization. Blueliv uses the STIX standard to represent structured cyberthreat information. Feeds are also available through a REST architecture over HTTP in JSON format.

5. Easy and direct integration

Easy to set up and quick to integrate into your SIEM and other security products, either through a single point of contact (API) or through official security vendor application marketplaces. Plugins are available for Splunk, AlienVault, ArcSight and Logstash, along with a powerful SDK for integration.

Intelligence and data provided

  • Crime servers: Malware distribution domains, C&Cs, phishing, exploit kits and backdoors, with ID, type, country, domain, geolocation, ASN ID, status and more.
  • Bot IPs: Infected IPs, with OS affected, user agent, IP address, geolocation, family type, version, status and more.
  • Attacking IPs: Data on IPs that are performing attacks such as port scans, brute force, directory scans and more.
  • Malware: hashes.
  • Hacktivism: Social monitoring related to hacktivism operations, with Ops/hashtag, country, number of tweets per day, and the tweets themselves.
  • TOR IPs: Tracking and discovering Tor exit nodes.