Spamhaus Intelligence API: Free threat intelligence data for security developers

Spamhaus Technology releases its Intelligence API. This is the first time Spamhaus has released its extensive threat intelligence via API, providing enriched data relating to IP addresses exhibiting compromised behaviour.

Available free of charge, developers can readily access enhanced data that catalogues IP addresses compromised by malware, worms, Trojan infections, devices controlled by botnets, and third party exploits, such as open proxies.

The API features live and historical data, including bot names, first seen dates, and valid until dates, providing security developers with the capacity to create additional applications to enhance network security.

Using a combination of machine learning, manual investigations, and heuristics, Spamhaus’s researchers derive this information from data shared by the industry and beyond – including from hosting companies, ISPs, internet governing bodies such as ICANN, and from its own honeypots and spam traps.

“For years, the researchers at the Spamhaus Project have recorded a wealth of intelligence relating to IPs and domains. They’ve been working with big data long before it became the buzzword it is today,” explains Simon Forster, CEO at Spamhaus Technology.

“It’s a pleasure to share this in a readily available API format with the wider internet community. We’re looking forward to seeing the security challenges this data can resolve in live environments.”

There are multiple applications for this data. Spamhaus Intelligence API can be integrated with current applications to provide increased visibility as to where issues have occurred, such as Splunk applications, for example. The use cases are numerous, and include improved incident response, online real-time risk assessment, and trend monitoring.