Business Protect Threat Data Feeds
Hello _fullname_!
Welcome to the Business Protect customer portal!
Thanks for your subscription, we look forward to providing for your threat data needs. You will find download instructions and data feed links below.
As a reminder:
- The feeds contain only live data
- We do NOT offer ‘diffs’ or incremental updates
- Every indicator is validated by our monitors at least once per day
- We advise you to download data every hour. There are no download limits.
Contact our support team at [email protected] for any technical difficulties or questions. We look forward to assisting you with your integration in any way possible.
If you need data that is not available with your subscription, please visit our Enterprise page for a list of the additional commercial data feeds we offer. If that still isn’t what you are looking for, we’ll be more than happy to discuss your specific needs.
Managing Your Account
Visit 2CheckOut, our payment processor, to review your invoices or update your payment method. You will need your receipt/order number and your payment method for verification. Your account may be terminated if you share credentials.
Download Instructions
There are multiple ways to automate the download and ingestion of our data feeds. Specifics depend on your operating system, environment and use of the data.
As the majority of our customers utilize the data in *nix environments, the common tools used for automation are 'wget' and 'curl'. A basic 'wget' command to download a data feed looks like the following (the output path is given to -O and the feed URL is the last argument):
wget --user='_username_' --password='_password_' -O /_directory_/_MP.feed_ _URL_COPIED_FROM_YOUR_CUSTOMER_PORTAL_
Two cautions: credentials passed on the command line are visible to other users of the host through the process list, so on a shared system put them in a mode-0600 ~/.netrc file (which wget and curl both read) instead. And the '--no-check-certificate' option that sometimes appears in copied examples disables TLS certificate verification, which would let anyone on the network path hand you a substituted feed; leave it out unless your environment genuinely cannot validate our certificate, and then only as a temporary workaround.
The download, and the ingestion of the data by whatever software you use, also require the operating system to perform these tasks on a schedule. For that, a 'cron' job is the choice of most of our customers, and we suggest setting it to run every hour. Because the feeds contain only live data and there are no incremental updates, each run should replace the previous copy of the feed rather than append to it.
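The hourly fetch described above, written out as a small POSIX shell script. This is an added example, not a script shipped with the portal or by the vendor: the feed URL, the destination path and the netrc file location are placeholders you must replace, and the consumer that reloads the file (BIND RPZ, Squid, Postfix and so on) is assumed to read it from FEED_DEST. The script downloads to a temporary file with credentials taken from a netrc file, refuses to install an empty file or an HTML error/login page, and swaps the validated file into place atomically so a consumer never reads a half-written feed and keeps the previous copy if a download fails.

```shell
#!/bin/sh
# Hourly threat-feed fetcher (added example; not the vendor's own script).
# Assumptions, none taken from the portal page: FEED_URL is the feed link copied
# from the customer portal, FEED_NETRC is a mode-0600 file containing
# "machine <host> login <user> password <pw>", and FEED_DEST is the file your
# consumer (BIND RPZ, Squid, Postfix, ...) reloads.
set -eu

FEED_URL="${FEED_URL:-https://example.invalid/feed}"      # placeholder URL
FEED_DEST="${FEED_DEST:-/var/lib/feeds/malware.feed}"     # placeholder path
FEED_NETRC="${FEED_NETRC:-/etc/feeds/.netrc}"             # placeholder path

# Download to a temp file. --fail makes curl exit non-zero on HTTP 4xx/5xx so an
# error page is never written as if it were a feed; --max-time bounds a hung
# transfer; credentials come from the netrc file, so they never appear in `ps`.
download_feed() {
    url=$1; tmp=$2
    curl --fail --silent --show-error --location \
         --max-time 300 --netrc-file "$FEED_NETRC" \
         --output "$tmp" "$url"
}

# Sanity-check a downloaded file before it replaces the live copy: it must be
# non-empty and must not be an HTML document (a login redirect or error page
# that slipped through). Returns 0 when the file looks like a real feed.
feed_looks_valid() {
    f=$1
    [ -s "$f" ] || return 1
    if head -c 512 "$f" | tr 'A-Z' 'a-z' | grep -q '<html'; then
        return 1
    fi
    return 0
}

# Atomically install a validated temp file over the live copy. mv within one
# filesystem is atomic, so a consumer reloading at the same moment sees either
# the old or the new file, never a partial one. A bad download is discarded and
# the previous copy stays in place.
install_feed() {
    tmp=$1; dest=$2
    feed_looks_valid "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$dest"
}

main() {
    dir=$(dirname "$FEED_DEST")
    mkdir -p "$dir"
    # temp file in the destination directory keeps mv on the same filesystem
    tmp=$(mktemp "$dir/.feed.XXXXXX")
    trap 'rm -f "$tmp"' EXIT
    download_feed "$FEED_URL" "$tmp"
    install_feed "$tmp" "$FEED_DEST"
    printf '%s updated (%s entries)\n' "$FEED_DEST" "$(wc -l < "$FEED_DEST")"
}

# Only run when invoked with "run", so the functions can also be sourced.
# Example crontab line (hourly, offset from the top of the hour):
#   17 * * * * FEED_URL='https://...' /usr/local/bin/fetch_feed.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```

Hook whatever reloads your consumer (for example `rndc reload` for a BIND RPZ zone, or `squid -k reconfigure`) into the crontab line after the script, and only do so when the script exits 0, so a failed download does not trigger a reload of an unchanged file.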
Configuration Assistance
We have configuration guides for some systems; for the others, send assistance inquiries to [email protected] and/or your Account Manager.
If you need further assistance automating the ingestion of our data, please provide details on the operating system, the software that will use our data, and any other specifics of your environment. We will be more than happy to help you make the ingestion process as easy and automated as possible.
Malware URLs and Domains
Sanitized Malware URLs
(Protocol, host name, domain name, and directories)
(Accepts whitelist)
Data consolidated in _list_sanit_live_limited_ entries
BIND9 RPZ – DNS Firewall
(Accepts whitelist)
Configuration Guide
Data consolidated in _list_rpz_malware_ entries
Carbon Black 4.1+ domains IOCs
Data consolidated in _list_carbonblack_domains_ entries
ClamAV Virus DB (basic)
(Accepts whitelist)
Configuration Guide
Data consolidated in _list_clamav_ entries
ClamAV Virus DB (extended)
(Accepts whitelist)
Configuration Guide
Data consolidated in _list_clamav_ext_ entries
pfBlockerNG
(Accepts whitelist)
Data consolidated in _list_pfblockerng_ entries
pfSense
(Accepts whitelist)
Data consolidated in _list_pfsense_ entries
Postfix MTA
(Accepts whitelist)
Data consolidated in _list_postfix_ entries
SpamAssassin
Data consolidated in _list_sa_ entries
Squid Web Proxy ACL
(Accepts whitelist)
Data consolidated in _list_squid_ entries
SquidGuard
(Accepts whitelist)
Data consolidated in _list_sguard_ entries
IP Addresses
Cisco ASA FirePOWER – IP addresses of active C2s and DGAs
Configuration Guide
_list_cisco_asa_ips_0_10_10_ IPs resolved from C2s detected in the last 10 days, plus IPs of DGA domains active in the last 10 days and of DGA domains whose generation does not depend on a time seed
IP addresses of C2s
_list_c2_ips_simple_0_10_ IPs resolved from C2s detected in the last 10 days