Applications of the Indicator Sharing Feeds
Automated defensive actions, such as blocking associated traffic using firewalls and other perimeter devices, are one use of the feeds. Other members may wish to correlate activity in analytic environments or conduct their own analysis for incident response or threat hunting purposes.
In most cases, organizations don’t need any additional equipment to enroll in the Indicator Sharing Program. Examples of cybersecurity tools that can ingest our feeds include:
Firewalls
Intrusion Detection or Prevention Systems (IDS/IPS)
Security Incident and Event Management (SIEM) platforms
Security Orchestration and Automated Response (SOAR) tools
Endpoint Detection and Response (EDR) agents
Threat Intelligence Platforms (TIP)
Trusted Automated eXchange of Intelligence Information (TAXII) platforms and other databases