FAQ

What is an Indicator of Compromise (IoC)?

An Indicator of Compromise (IoC) is a clue or piece of evidence that suggests a cybersecurity incident or compromise has occurred or is in progress. IoCs are used to identify and investigate malicious activity. By identifying and monitoring IoCs, organizations can detect and block known threats, strengthen their defenses, and respond swiftly to potential security incidents.

Our threat data feeds include five types of indicators of compromise:

1. IP addresses

Harmful or known malicious IP addresses linked to threat actors, command and control (C2) servers or botnets. Both IPv4 and IPv6 addresses are supported. The daily export includes about 1M IP addresses. These IoCs are included in the following export files:

A. Malicious IPv4/IPv6 address data feeds

Files included:

  • *.malicious-ips.v4.csv.gz
  • *.malicious-ips.v4.jsonl.gz
  • *.malicious-ips.v6.csv.gz
  • *.malicious-ips.v6.jsonl.gz

Output formats available:

  • CSV
  • JSON

Read more: https://falconsentinel.com/documentation.

B. Raw IPv4/IPv6 denylists

Files included:

  • *.deny-ips.v4.gz
  • *.deny-ips.v6.gz

Output formats available:

  • List

Read more: https://falconsentinel.com/documentation.

2. CIDRs

CIDR (Classless Inter-Domain Routing) is a notation for IP addresses and ranges that enables more efficient allocation of addresses and routing. A CIDR entry is an IP address followed by a slash and the number of bits in the network prefix, such as 192.0.2.0/24. A CIDR entry therefore denotes a range of IP addresses: for example, 66.10.5.0/27 covers 32 IP addresses, from 66.10.5.0 to 66.10.5.31.

The daily export includes about 1.1M CIDRs. These IoCs are included in the following export files:

A. Nginx’s ngx_http_access_module compatible IPv4/IPv6 denylist

Files included:

  • *.nginx-access.v4.gz
  • *.nginx-access.v6.gz

Output formats available:

  • ngx_http_access_module compatible. Includes IPv4 and IPv6 ranges in CIDR notation.

Read more: https://falconsentinel.com/documentation.

B. Raw CIDR denylist

Files included:

  • *.deny-cidrs.v4.gz
  • *.deny-cidrs.v6.gz

Output formats available:

  • List. Includes IPv4 and IPv6 ranges in CIDR notation.

Read more: https://falconsentinel.com/documentation.
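To illustrate the CIDR semantics described above and how a raw CIDR denylist can be consumed, here is an added example (not code from the Falcon Sentinel project). It assumes the raw denylist is one CIDR per line, tolerates blank and `#` lines, and uses a constructed sample rather than real feed data; the 66.10.5.0/27 range from the text is used to confirm that it spans 32 addresses.

```python
import gzip
import ipaddress
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample in the shape the raw CIDR denylist is assumed to take:
# one CIDR per line (assumption: blank lines and '#' comments are skipped).
SAMPLE_DENYLIST = """\
# constructed sample, not real feed data
192.0.2.0/24
66.10.5.0/27
2001:db8:abcd::/48
"""


def parse_denylist(lines: Iterable[str]) -> List[Network]:
    """Parse CIDR lines into network objects, skipping blanks and comments."""
    networks = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # strict=False tolerates host bits set (e.g. 66.10.5.5/27 -> 66.10.5.0/27)
        networks.append(ipaddress.ip_network(line, strict=False))
    return networks


def load_denylist_gz(path: str) -> List[Network]:
    """Read a gzipped denylist file (*.deny-cidrs.v4.gz style) from disk."""
    with gzip.open(path, "rt", encoding="utf-8") as fh:
        return parse_denylist(fh)


def cidr_range(cidr: str):
    """Return (first_address, last_address, address_count) for a CIDR."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses


def matching_networks(ip: str, networks: List[Network]) -> List[str]:
    """Return every denylisted CIDR that contains `ip`, most specific first."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in networks if addr.version == n.version and addr in n]
    return [str(n) for n in sorted(hits, key=lambda n: n.prefixlen, reverse=True)]


def is_denied(ip: str, networks: List[Network]) -> bool:
    """True if the address falls inside any denylisted range."""
    return bool(matching_networks(ip, networks))


if __name__ == "__main__":
    nets = parse_denylist(SAMPLE_DENYLIST.splitlines())
    print(cidr_range("66.10.5.0/27"))     # ('66.10.5.0', '66.10.5.31', 32)
    print(is_denied("66.10.5.17", nets))  # True
    print(is_denied("66.10.5.32", nets))  # False
```

For a real feed file, `load_denylist_gz("2024-01-01.deny-cidrs.v4.gz")` (placeholder name) yields the same network list; a production lookup over ~1.1M ranges should use a radix/prefix tree rather than a linear scan.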

C. Malicious IPv4/IPv6 ranges in CIDR notation data feeds

Files included:

  • *.malicious-cidrs.v4.csv.gz
  • *.malicious-cidrs.v4.jsonl.gz
  • *.malicious-cidrs.v6.csv.gz
  • *.malicious-cidrs.v6.jsonl.gz

Output formats available:

  • CSV
  • JSON

Read more: https://falconsentinel.com/documentation.

3. Domain names

Harmful or malicious domain names. The daily export includes about 2.3M domain names. These IoCs are included in the following export files:

A. Malicious domain name data feed

Files included:

  • *.malicious-domains.csv.gz
  • *.malicious-domains.jsonl.gz

Output formats available:

  • CSV
  • JSON

Read more: https://falconsentinel.com/documentation.

B. Hosts file

Files included:

  • *.hosts.gz

Output formats available:

  • Hosts file format

Read more: https://falconsentinel.com/documentation.

C. Raw domain denylist

Files included:

  • *.deny-domains.gz

Output formats available:

  • List

Read more: https://falconsentinel.com/documentation.

4. URLs

Harmful or malicious URLs that may be used for phishing, drive-by downloads, or other web-based threats. Both full and partial URLs are included. The daily export includes about 1.1M URLs. These IoCs are included in the following export files:

A. Malicious URL data feed

Files included:

  • *.malicious-urls.csv.gz
  • *.malicious-urls.jsonl.gz

Output formats available:

  • CSV
  • JSON

Read more: https://falconsentinel.com/documentation.

Contact Us

Got a technical issue? Want to send feedback about the data feeds? Need details about our plans? Let us know. Please note that our service is for registered companies only. Requests from private individuals, or from email addresses that do not match the company's domain name, are ignored.