Threat Intelligence Data Feed

Equips your security systems with a comprehensive list of IoCs for automatic threat detection and response, enhanced with reach threat intelligence. Available as daily updates or real-time streaming.

Documentation →

Use cases

Enhance your organization's cybersecurity efforts:

Automated Threat Detection

Integrate our threat intelligence Data Feeds and APIs to automatically detect and flag indicators of compromise (IoCs).

Enrichment of Security Data

Use our threat intelligence to enrich alerts and incidents with contextual data, helping security analysts to understand the nature and severity of threats, prioritize and respond to threats more effectively.

Integration with SIEM & SOAR

Integrate with Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems to streamline security operations and improve incident response.

Our data enrichments

Explore the output from our Data Feed and API using our Web Lookup. Simply enter an IP address and visualize the data we provide. If you prefer documentation, please refer to our Data Feed Docs.

IP Threat Assessment

Assess whether an IP is classified as a Threat, Benign, Suspicious, or Unknown. For identified threats, provide details regarding the type of the threat.

- Threat Type
- First/Last Seen

IP Geolocation

Obtain the geolocation information for the IP address.

- Country
- Region
- City

Reverse DNS (PTR)

Retrieve the PTR record and compare whether the reverse and direct resolution results match.

- PTR Record
- Records Match Flag

AS Info

Display autonomous system details.

- ASN
- Name
- Domain Name

WHOIS (IP Netblock) Info

Retrieve IP Netblock (WHOIS) information for the IP address, supplemented with the general threat score for this block.

- Netblock Threat Score
- Registrar Organization
- Range Borders
- Network Name
- Organization Details
- Admin/Tech/Abuse Contact Info
- Last Modified

We cover the following threat types

Attack

Malicious activity detected from the host.

C2 (C&C)

Known botnet's "Command and Control" hosts.

Malware

Hosts related to malicious software distribution.

Phishing

Hosts involved in phishing activity.

Spam

Hosts engaged in sending spam.

Suspicious

Hosts whose activity hasn't been confirmed as malicious but remains suspicious. For example, it could involve hosts scraping websites or sending a large number of ICMP queries.

Coverage statistics

Active malicious hosts identified over the past 14 days, by threat type.

Our Threat Intelligence data sources

By combining data from the following multiple sources, our products provide you with a comprehensive and accurate view of the threat landscape, enabling you to take proactive steps to protect your organization from cyber threats.

OSINT

We collect indicators of compromise (IoCs) and threat data from open sources, combining details from nearly all available public sources into one centralized location.

Honeypots/sensors

We operate a custom network of honeypots to trap and study attacks's infrastructure.

Algorithmic and Machine Learning Analysis

We use known IoCs to predict and discover new potential threats, which we then validate and incorporate into our database.

Abuse Reports

We gather abuse reports and scrutinize them for insights.

In-House Research

Our specialist team conducts independent research to pinpoint and dissect new IoCs.

Own Data Enrichments

We continuously collect, process, and unify essential enrichment data, including IP Geolocation, Proxy Detection, Reverse DNS (PTR), AS Information, WHOIS (IP Netblock) Information, and more.

Download samples

Core data feed

Contains IoCs, their associated threat types and first/last seen date fields.

Documentation →

Professional data feed

Contains all from Core, plus Country, Region, City, PTR Value and PTR Reverse Match fields.

Documentation →

Ultimate data feed

Contains all from Professional, plus IP Netblock Score, WHOIS (Netblock) Info, ASN Number, ASN Name and ASN Domain.

Documentation →

Database integrations

Seamlessly access, deploy, and utilize our data feeds through the Snowflake and AWS Marketplaces.

Stream newly discovered IoCs in real-time

Our systems continuously discover new IoCs and enrich them with intelligence information. This information becomes immediately available in our API and Lookup. However, it is added to Data Feeds only once a day, with a daily export. To keep your threat repository as up-to-date as possible, connect to the Streaming Version of our Data Feeds. The average delay between threat discovery and streaming is under 5 minutes. Please contact us for more details.

You’ll be in good company

Our solutions are already used by HiQ Finland, Deloitte, Amesan Consulting, Swedbank, Cisco, Accenture, Nielsen Suomi, CGI, Telia, Digital Ocean, University of Southern California, and others.

Pricing plans

Billed MonthlyBilled Annually🎁 2 months FREE

	Core	Professional	Ultimate
Output fields	Core fields: IoC (IPv4 or IPv6 address) Threat Types First Seen Last Seen	All from Core, plus: Country Region City PTR Value PTR Reverse Match	All from Professional, plus: IP Netblock Score WHOIS (Netblock) Info ASN Number ASN Name ASN Domain
Dedicated support
Custom output formats
Custom data enrichments
Streaming version
Price	$1,900/mo	$3,400/mo	$5,900/mo

Please note that our services are exclusively for registered companies. Orders from private individuals or emails that do not match the company domain name will not be processed.

For invoice payments, please get in touch with us via support@falconsentinel.com or Contact us form.

Experience our data in action with a live IP Lookup

Contact Us

Have a technical issue? Want to provide feedback? Need information about our subscription plans? We're here to help! Please note that our services are exclusively for registered companies. Requests from private individuals or emails that do not match the company domain name will not be processed. You can also reach us at support@falconsentinel.com.