Intel 471 has announced the release of a MISP integration with premium cybercrime feeds. MISP is an open source threat intelligence platform for gathering, sharing, storing and correlating indicators of compromise (IoCs) of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counterterrorism information.
Intel 471’s integration will give users the ability to maximize the value of our data without unmanageable complexity. Our data is stored in a structured manner and provides correlated and automated exports for IDS or SIEM in a range of formats including STIX, STIX2, OpenIOC and CSV.
The integration also facilitates enhanced correlation through the use of MISP galaxies and Intel 471 tagging.
Intel 471 now offers the following MISP feeds and modules:
- Vulnerability: Reports and structured data objects for all Common Vulnerabilities and Exposures (CVEs) we report on that are being weaponized and productized in the underground.
- Malware: In-depth technical malware intelligence reports with ongoing tracking and a near real-time feed of the latest and historic IOCs for more than 30 malware families.
- Bulletproof hosting: Near real-time feed of IOCs associated with providers that we track.
- Adversary: Actor-centric intelligence combining field-based intelligence collection and headquarters-based analysis.
- Malware (Freemium): As above but complimentary access for three of the malware families we monitor: