Open-Source Security Threat Intelligence

Posted by harry1989
Domestic (China):

ThreatBook (微步): https://x.threatbook.cn/

Huawei: sec.huawei.com

International:

1. Department of Homeland Security: Automated Indicator Sharing

Private companies can report cyber threat indicators to the DHS, which then distributes them via the Automated Indicator Sharing website. This database helps reduce the effectiveness of simple attacks by exposing malicious IP addresses, email senders, and more.

2. FBI: InfraGard Portal

The FBI’s InfraGard Portal provides information relevant to 16 sectors of critical infrastructure. Private and public sector organizations can share information and security events, and the FBI also provides information on cyber attacks and threats that they are tracking.

3. @abuse.ch: Ransomware Tracker

Ransomware Tracker collects data related to ransomware attacks so that security teams can check IP addresses and URLs against those that are known to be involved in attacks. The tracker provides detailed information on the servers, sites, and infrastructure that have been exploited by ransomware actors, as well as recommendations for preventing attacks.

4. SANS: Internet Storm Center

The Internet Storm Center, formerly known as the Consensus Incidents Database, came to prominence in 2001, when it was responsible for the detection of the “Lion” worm. It uses a distributed sensor network that takes in over 20 million intrusion detection log entries per day to generate alerts regarding security threats. The site also provides analysis, tools, and forums for security professionals.

5. VirusTotal: VirusTotal

VirusTotal uses dozens of antivirus scanners, blacklisting services, and other tools to analyze and extract data from files and URLs submitted by users. The service can be used to quickly check incidents like suspected phishing emails, and every submission is retained in its database to build a global picture of cyber threats.

6. Cisco: Talos Intelligence

The Talos threat intelligence team protects Cisco customers, but a free version of its service is also available. Talos' tools and experience provide information about known threats, new vulnerabilities, and emerging dangers. Talos also provides research and analysis tools.

7. VirusShare: VirusShare Malware Repository

VirusShare is an online repository of malware created and maintained by J-Michael Roberts, a digital forensics examiner. The site gives researchers, incident responders, and forensic investigators access to millions of malware samples.

8. Google: Safe Browsing

The Safe Browsing service identifies dangerous websites and shares that information to raise awareness of security risks. Safe Browsing finds thousands of unsafe sites every day, many of which are legitimate sites that have been compromised by attackers.

9. National Council of ISACs: Member ISACs

While some ISAC feeds are quite expensive, others are free. The National Council of ISACs provides a comprehensive list.

10. The Spamhaus Project: Spamhaus

Spamhaus is a European non-profit that tracks cyber threats and provides real-time threat intelligence. Spamhaus maintains comprehensive block-lists of known spammers and malware distributors, which it provides to ISPs, email service providers, and individual organizations.

References:

1. https://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/
