New!

Intelligence Insights Beyond Your Borders

Get a real-time threat intelligence feed containing invaluable insights into over 30M IP addresses daily.

Talk to an Expert

Background

Security teams and analysts constantly encounter security alerts and need immediate context and enrichment to identify “friend or foe”, and go deeper to classify addresses to associate with known threats.

The new Insights Threat Feed from Team Cymru is easily ingested into your SIEM or TIP and provides enriched intelligence you need to identify and respond threats faster and more accurately.

What Is It?

A global threat intelligence feed containing daily, in-depth information on over 30 Million IP addresses and CIDRs.
This valuable intelligence is observed on the internet and contains indicators to categorize IP’s using Tags and additional details. This information enables analysts to classify and categorize IP addresses and increase reaction and response capabilities.
Tagging helps identify if an IP or CIDR is affiliated with botnets, scanners, IoT, mobile, router, etc. These tags will help you identify, monitor, and block harmful IPs to protect from various threats.
Delivered through an API as JSON file and with STIX* format through the TAXII* protocol.

Features

24 different tag families with over 2,000 different tags

The Insights Feed enriches existing platforms like SIEM, SOAR and TIP


Easily ingested in STIX format from our Taxii Server or through XML

Can be ingested into SOAR platforms to drive automated workflows and playbooks

Integrating the Insights Feed using STIX and TAXII offers a powerful way to exchange threat intelligence between organizations and systems in a structured, standardized, and automated manner.

Integrations using TAXII are available for Google SecOps, Microsoft Azure Sentinel and Palo Alto XSOAR.

Integration with Splunk through a dedicated Splunk App.

Automation (SOAR) platforms such as Palo Alto Cortex SOAR and Tines can easily ingest the Insights feed through API.

Tag Family Names

Use cases

Security alert triage and management

Quickly assess alerts on IPs for the identification and mitigation of threats. Enhance and enrich security incident investigations with actionable insights.

Integration in TIPs, SOARs and SIEMs

Integration into monitoring tools for enrichment, which is then reflected in security logs, dashboards, and reports.

Correlation

Enhance threat detection by correlating events with the nature of IP addresses, improving incident detection accuracy. Enrich threat data, making it easier to identify and respond to threats based on the nature of the IP addresses involved.

Inform Access Control Policies

 Configure access control or firewall rules to block traffic from certain IPs based on their tags and insights (e.g. malicious IPs).

Endpoint (EPP/EDR) and MDR Integration: Incident Response

Consolidate tools, reduce alert fatigue, and provide real-time intelligence to enable faster, more accurate threat investigations. Empower SOC and IR teams t These tools can use IP tags and insights to prevent endpoints from connecting to or receiving traffic from dangerous IPso make informed decisions and improve defenses.

Who Will Benefit?

SOC Analyst
Needs real-time, actionable threat data to filter false positives and focus on critical threats. Sort our alerts.
Incident Responder
Requires enriched data for fast threat correlation and incident management.
Threat Hunter
Seeks comprehensive data to proactively identify hidden threats and emerging vulnerabilities – typically will leverage the feed with other sources.
IT Security Architect
Requires customizable threat data that integrates with existing security infrastructure. Leverage data in the feed to tweak network security policies.
CISOs
Receive trategic insights to assess risk and guide cybersecurity investments. Leverages the feed along with other data and/or through platforms to get executive-level reports.
Managed Security Service Providers (MSSPs)
Leverage the feed to enhance threat detection capabilities and integrate in their own solutions.

Experience Team Cymru Insight Threat Feed in Action

Take the next step with a demo, free trial, or conversation with Team Cymru.

Talk to an Expert