This repository has been archived by the owner on May 23, 2019. It is now read-only.
CIF Feeds
Gabriel Iovino edited this page Jul 8, 2015 · 23 revisions
CIF can generate Threat Intelligence "feeds" from its database of ingested and normalized threats. The minimum characteristics of a CIF feed are:
- Filtered by observable type (IPv4, FQDN, URL, IPv6, EMAIL)
- De-duplicated or aggregated by observable
- Some whitelisting data-sets applied
Beyond those minimum characteristics, we expect that people will apply additional filters. Examples of these additional filters are:
- confidence (-c)
- type (--tags)
- time period (--last-day, --firsttime)
- format (-f csv, -f bind, -f snort)
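The feed characteristics listed above, sketched as an added example that is not CIF's own code: it filters constructed records by observable type, applies a whitelist, aggregates by observable, and supports the optional confidence and tag filters. The record field names (`observable`, `otype`, `confidence`, `tags`, `lasttime`), the `build_feed` function and all sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample records; the field names are assumptions for this sketch.
SAMPLE = [
    {"observable": "192.0.2.10", "otype": "ipv4", "confidence": 85,
     "tags": ["scanner"], "lasttime": "2015-07-01T10:00:00Z"},
    {"observable": "192.0.2.10", "otype": "ipv4", "confidence": 65,
     "tags": ["botnet"], "lasttime": "2015-07-03T08:00:00Z"},
    {"observable": "198.51.100.7", "otype": "ipv4", "confidence": 95,
     "tags": ["scanner"], "lasttime": "2015-07-02T09:00:00Z"},
    {"observable": "203.0.113.5", "otype": "ipv4", "confidence": 50,
     "tags": ["scanner"], "lasttime": "2015-07-02T12:00:00Z"},
    {"observable": "example.com", "otype": "fqdn", "confidence": 90,
     "tags": ["phishing"], "lasttime": "2015-07-02T12:00:00Z"},
]
WHITELIST = ["198.51.100.0/24"]  # constructed whitelist data-set


def build_feed(records, otype, whitelist=(), min_confidence=0, tags=None):
    """Return one aggregated entry per observable of the requested type."""
    nets = [ipaddress.ip_network(n) for n in whitelist]
    merged = {}
    for rec in records:
        # Minimum characteristic 1: filter by observable type.
        if rec["otype"] != otype:
            continue
        # Additional filters: confidence threshold and tag match.
        if rec["confidence"] < min_confidence:
            continue
        if tags and not set(tags) & set(rec["tags"]):
            continue
        # Minimum characteristic 3: drop whitelisted observables (IP types only here).
        if otype in ("ipv4", "ipv6"):
            addr = ipaddress.ip_address(rec["observable"])
            if any(addr in net for net in nets):
                continue
        # Minimum characteristic 2: aggregate duplicates by observable.
        cur = merged.get(rec["observable"])
        if cur is None:
            merged[rec["observable"]] = dict(rec, tags=sorted(set(rec["tags"])))
        else:
            cur["confidence"] = max(cur["confidence"], rec["confidence"])
            cur["lasttime"] = max(cur["lasttime"], rec["lasttime"])
            cur["tags"] = sorted(set(cur["tags"]) | set(rec["tags"]))
    return sorted(merged.values(), key=lambda r: r["observable"])
```

Because the confidence filter runs before aggregation in this sketch, a low-confidence sighting never raises or extends an entry that passes the threshold on other sightings.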