Cyber Threat Intelligence Feeds

New Detection Rules Feed

The feed offers a continuous stream of newly published detection rules, sourced from over 40 public GitHub repositories.

It is designed for individual researchers, students, or security teams on a limited budget looking to track emerging detection trends and gain early visibility into new detection methods.

186 entities / +6 per day
STIX/TAXII MISP
Free access

Detection Rules Pro Feed

A full collection of new rules and rule modifications. Rules are pre-processed and are shipped with extracted key observables (IPs, hashes, etc.) for direct use in SIEM/TIP platforms.

The feed is designed for SOC teams and detection engineers who need reliable, actionable data for direct use in SIEM/TIP platforms and for CTI correlation. The inclusion of rule updates also aids teams in maintaining and refining their own detection logic by observing community best practices.

13741 entities / +458 per day
STIX/TAXII MISP
$1000/month

Enterprise Detection Intelligence Feed

Premium feed that expands "Detection Rules Pro" Feed with analysis and guidance. The feed includes rule change analysis with impact guidance, correlation to active CVEs and threat campaigns, and a weekly detection engineering brief, all designed to support strategic decision-making, prioritization of efforts, and a robust, proactive detection posture.

The feed is best suited for mature security operations centers, threat intelligence teams, and proactive detection engineers requiring advanced context.

14425 entities / +481 per day
STIX/TAXII MISP
$1500/month
Questions? Drop a message to [email protected]