RST Threat Feed covers multiple categories of indicators including Phishing, Web Attacks, C2 Servers, Botnet, Malware, TOR nodes, Scanning Hosts, Bad Bots, DDoS, Cryptomining, Spamming Hosts, Fraud and other types.
Each indicator has an individual score calculated from qualitative and quantitative parameters: what type of indicator it is, who reported it, how many others are already aware of it, whether it was exposed previously, and many other contributing factors.
The pack includes:
1) RST Threat Feed API integration:
- the ability to check an IP, Domain, URL or Hash in real time
- functions to submit a new indicator to the cloud and to submit a potential false positive IoC
- RST Threat IP enrichment playbook
- RST Threat Domain enrichment playbook
- RST Threat URL enrichment playbook
- RST Threat Hash enrichment playbook