This repository has been archived by the owner on May 23, 2019. It is now read-only.

CIF Feeds

Gabriel Iovino edited this page Jul 8, 2015 · 23 revisions

Introduction

CIF can generate threat intelligence "feeds" from its database of ingested and normalized threats. The minimum characteristics of a CIF feed are:

  1. Filtered by observable type (IPv4, FQDN, URL, IPv6, EMAIL)
  2. De-duplicated or aggregated by observable
  3. Some whitelisting data-sets applied

Beyond those minimum characteristics, we expect that people will apply additional filters. Examples of these additional filters are:

  1. confidence (-c)
  2. type (--tags)
  3. time period (--last-day, --firsttime)
  4. format (-f csv, -f bind, -f snort)
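
The three minimum characteristics and the optional confidence, tag and time filters can be pictured as one pass over the stored records. The sketch below is an added example, not CIF's own code. The record field names, the whitelist network, the sample records and the aggregation rule (highest confidence, merged tags, a count) are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

NOW = datetime(2015, 7, 8, 12, 0, tzinfo=timezone.utc)  # fixed so runs are repeatable

def obs(value, otype, confidence, tags, hours_ago):
    return {"observable": value, "otype": otype, "confidence": confidence,
            "tags": tags, "reporttime": NOW - timedelta(hours=hours_ago)}

# Constructed sample records (documentation ranges, not real indicators).
OBSERVABLES = [
    obs("192.0.2.10", "ipv4", 85, ["scanner"], 2),
    obs("192.0.2.10", "ipv4", 95, ["scanner", "botnet"], 5),  # duplicate observable
    obs("198.51.100.7", "ipv4", 95, ["scanner"], 1),          # inside whitelisted net
    obs("203.0.113.5", "ipv4", 50, ["scanner"], 3),           # below confidence cut
    obs("203.0.113.9", "ipv4", 90, ["scanner"], 72),          # older than one day
    obs("bad.example.com", "fqdn", 90, ["botnet"], 1),        # other observable type
]
WHITELIST = [ipaddress.ip_network("198.51.100.0/24")]  # constructed whitelist

def build_feed(records, otype, whitelist, min_confidence=0, tags=None, since=None):
    """Filter by observable type, apply filters and whitelist, aggregate by observable."""
    feed = {}
    for r in records:
        if r["otype"] != otype or r["confidence"] < min_confidence:
            continue
        if tags and not set(tags) & set(r["tags"]):
            continue
        if since and r["reporttime"] < since:
            continue
        if otype in ("ipv4", "ipv6") and any(
                ipaddress.ip_address(r["observable"]) in net for net in whitelist):
            continue
        row = feed.setdefault(r["observable"], {
            "observable": r["observable"], "confidence": 0, "count": 0, "tags": set()})
        row["confidence"] = max(row["confidence"], r["confidence"])
        row["count"] += 1
        row["tags"] |= set(r["tags"])
    return sorted(feed.values(), key=lambda row: row["observable"])

def to_csv(feed):
    """Render the aggregated feed as CSV (column choice is an assumption)."""
    rows = [("observable", "confidence", "count", "tags")]
    rows += [(r["observable"], r["confidence"], r["count"], "|".join(sorted(r["tags"]))) for r in feed]
    return "".join(",".join(map(str, row)) + "\n" for row in rows)

if __name__ == "__main__":
    print(to_csv(build_feed(OBSERVABLES, "ipv4", WHITELIST, min_confidence=75,
                            tags=["scanner"], since=NOW - timedelta(days=1))), end="")
```

Without the optional filters the same call still drops the whitelisted address and collapses the duplicate, which is the minimum a feed is expected to do.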

Examples

FQDN

IPv4

URL

Email

IPv6
