Happy Friday everybody! We are working this Friday even though the year is winding to a close and everybody is taking their vacation days so they don't lose them. While working with some analysts this morning we heard one of them say "If it's free, you can't complain".
So we decided that we would go ahead and write about it today. Normally we keep our posts more technical or to the point, but today we thought we would change things up and cover some topics not often covered. So what did our analyst mean when he said "if it's free, you can't complain"? What was he referring to? (I had better watch using the term "he" today; maybe I'll just say "analyst".) Our analyst was commenting on a data feed that we get in our OSINT-X feeds at Jigsaw. OSINT-X is responsible for collecting, categorizing and making open source data available to analysts so they can constantly get a feel for what is going on in the world. The OSINT-X product is a web based page, tied to both Hadoop and a MySQL database that holds its settings. When new news and information such as attacks are talked about on the Internet or in the media, OSINT-X grabs that content and ingests it so analysts have the latest information. This morning it was funny watching our analyst read one story by Ars Technica (It was this story here) talking about the new Quad9 DNS filtering service, which is ironically very similar to what our FirstWatch sensor does.
What stood out in the article was that, like Google, Quad9 uses a repetitive number to get people to use the service (in this case the IP address 220.127.116.11). I figured we might have a look since it's similar to our product.
And then the fun happened...
So after reading that article the next thing to review was our inbox content. You see, OSINT-X can also receive and process email, and that is how we get notifications of things that are occurring. In the inbox is an email from Recorded Future, one of the big players in the "intelligence" field.
Below is a screenshot of the "Emerging Threats" list, and lo and behold, look who made it.
So that's great! The new kid on the block is getting picked on because some IDS sensors are detecting strange traffic to that site after a press release. This kind of reminds us of the time that Cisco decided it was a good idea to block our email on their services because we were notifying people that their accounts had been breached. In fact, Cisco said that because the people didn't ask for our email, we were spamming. Who knows, maybe we were, but the point is that the intent behind an email, or the reason behind what is occurring on your IDS sensors, may be worth researching before publishing indicators, especially when you report on the same open source news that we use as analysts.
That's all for now, we hope you liked the change in pace. Until next time... Happy Friday and Have A Great Weekend!