Threat intelligence

Ingest threat intelligence indicators from various threat intelligence providers.

Available Threat intelligence integrations include:

  • AbuseCH: Ingest threat intelligence indicators from URLhaus, MalwareBazaar, and ThreatFox feeds with Elastic Agent.
  • AlienVault OTX: Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent.
  • Anomali: Ingest threat intelligence indicators from Anomali with Elastic Agent.
  • Collective Intelligence Framework v3: Ingest threat indicators from a Collective Intelligence Framework v3 instance with Elastic Agent.
  • Custom Threat Intelligence: Ingest threat intelligence data in STIX 2.1 format with Elastic Agent.
  • Cybersixgill: Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.
  • EclecticIQ: Ingest threat intelligence from EclecticIQ with Elastic Agent.
  • Maltiverse: Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent.
  • Mandiant Advantage: Collect Threat Intelligence from products within the Mandiant Advantage platform.
  • MISP: Ingest threat intelligence indicators from MISP platform with Elastic Agent.
  • OpenCTI: Ingest threat intelligence indicators from OpenCTI with Elastic Agent.
  • Recorded Future: Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.
  • ThreatQuotient: Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent.