RST Threat Feed

High-fidelity threat intelligence database, available via API, for checking domains, URLs, IP addresses and hashes.

RST Threat Feed covers multiple categories of indicators including Phishing, Web Attacks, C2 Servers, Botnet, Malware, TOR nodes, Scanning Hosts, Bad Bots, DDoS, Cryptomining, Spamming Hosts, Fraud and other types.

Each indicator has an individual score calculated from qualitative and quantitative parameters: what type of indicator it is, who reported it, how many others are already aware of it, whether it was exposed previously, and many other contributing factors.

The pack includes:

1) RST Threat Feed API integration:

  • an ability to check an IP, domain, URL or hash in real time
  • functions to submit a new indicator to the cloud and to submit a potential false positive IoC

2) Playbooks:

  • RST Threat IP enrichment playbook
  • RST Threat Domain enrichment playbook
  • RST Threat URL enrichment playbook
  • RST Threat Hash enrichment playbook

PUBLISHER

RST Cloud

INFO

Supported By: Partner
Created: February 2, 2021
Last Release: May 11, 2022
Breach Notification, Incident Response, Hunting, Malware, Threat Intelligence Management
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.