The RST Threat Feed service collects current knowledge about threats from various TI sources. It normalises, filters, enriches and scores the data to share it with your security team and integrate it with MaxPatrol SIEM.
What makes us different
IoC normalisation, filtering and standardisation when collecting indicators:
• data is normalised and stored in one format
• all malware names are unified
• noise is filtered (MS Updates, CDPs, well-known IPs, etc.)
Content enrichment:
• all context data is parsed and normalised
• lots of additional enrichment mechanisms
• dedicated Whois API for domain data
Content and categorization:
• more than 20 malware categories
• Industry Tagging
• 250k+ unique indicators per day
• Related indicators and CVEs
• ASN (Org, Number of domains registered) and URL verification
• References to the sources and related indicators