
Threat Intelligence - We know Threat Intel!

When you purchase a Jigsaw Analytic Product or Platform, you automatically gain access to the Jigsaw Threat Intelligence library. Customers that already have subscriptions with the vendors below can natively access those products in the Jigsaw Enterprise Platform. We realize that not all customers' security needs are the same, and we want to give you options that make sense and ensure you can use your threat intelligence subscriptions with all of our products.

Jigsaw Intelligence Feed $49,995.95 MSRP Annual Subscription

Jigsaw Security Enterprise provides a threat intelligence capability through our Security Operations Center located in Raleigh, North Carolina. Our SOC provides continuous, near real-time cyber security indicators and protection services to clients in various threat intelligence formats. This service allows our customers to utilize our threat intelligence product regardless of what systems they have deployed to protect their networks. In addition, for customers that have no security monitoring in place, we can provide public-facing DNS servers loaded with our RPZ feed to protect entire offices with a simple change of your DNS servers. The following feeds are available in our threat intelligence product.

NOTE: Government and Law Enforcement receive intelligence free of charge through our intelligence fusion center.

Consuming our Threat Intelligence Data:

  • MISP Push Feed - We push data to your existing MISP instance

  • TAXII Server - You poll our TAXII server for Jigsaw and third party data

  • CSV Download - Download update files in CSV Format for use in your own products and services

  • Cloud Based Research Portal - Access our cloud based search for indicator and threat intelligence data

  • Jigsaw Enterprise Platform - Use our data on your network to find threats in an automated process with customized dashboards

OSINT Feeds (Open Source Data):
  • Alienvault OTX - Public and Specific Information of Interest

  • Alienvault Blocklist - A list of known bad actors from Alienvault

  • Malc0de Blocklist - A list of known bad actors

  • Malware Domain List - A list of known bad actors

  • Maxmind Proxy Fraud - Proxy servers used by fraud actors

  • HITRUST - HITRUST Threat Sharing Community - Members Only - Jigsaw Contributor

  • Malware DNS - Malicious Files and Hash Sets

  • Malware via HTTP - Malicious Files served on Webservers

  • Malware via IRC - Malicious Files served on IRC or C2 use of IRC Servers

  • Open Blacklist - An Open Source Blacklist of Threats

  • Message Board Spam Sources - Known Spammers

  • Malware Blogs - Analyst data ingested through our OSINT-X monitoring

  • Known Proxy Servers - A reference to identify known proxy servers

  • Open Proxy Servers - A reference to identify proxy servers with no access controls used by hackers

  • Proxy Spy List - Proxy Servers used by hackers to steal information

  • Confirmed Proxy Servers - Proxy Servers used by hackers to steal information

  • Ransomware Sources - A known list of ransomware sources

  • Proxy Server Abuse Monitoring - A known list of malicious proxy servers

  • Web Proxy Server Abuse Monitoring - A known list of malicious proxy servers

  • Shunlist - Bad actors and sites from autoshun.org

  • SSL Known Proxies - A list of encrypted open proxy servers

  • Threatcrowd C2 Servers - Malicious actors callback addresses from Threatcrowd

  • Active TOR Exit Nodes - List of fast changing TOR exit nodes

  • Trusted Security Bad Reputation - Trusted Security Internet Reputation

  • Malware Hosting URL List - URL List of Known Bad Malware Mailservers

  • Virus List - Mailservers sending large amounts of viruses via Email

  • SIP Protocol Attacks - Attacks on VOIP Networks and SIP

  • SSH Protocol Attacks - Attacks on SSH Servers and Vulnerabilities

  • BotScout Attackers - A list of known botnet attackers

  • ICS-ISAC - Collaboration with ICS ISAC and feeds of related IoT Attackers

  • Compromised Host - Compromised Infrastructure List

  • Brute Force Blocker - List of attackers and compromised systems observed attacking protected networks and clients

  • CI Army Bad Reputation - Actors observed by CI Army

  • CTA Cryptowall Feed - *Legacy* Low Volume Historical Tracker

  • DShield Top 1000 Attackers - ISC Observed Attackers List

  • Emerging Threats Feeds - Various Data sources provided by Emerging Threats

  • Wordpress Malicious Activity - Observed Attackers on Wordpress Software

  • ImproWare Antispam Blocklist - Known Email Spammers

  • ImproWare Antiworm Blocklist - Known Virus Worms and Autopopulating Samples

  • Malware Traffic Analysis - Information from malware-traffic-analysis.net

  • Jigsaw OSINTx Feed - Jigsaw Security OSINT data used to determine cyber threats

  • RSS Security Feeds - Jigsaw Security OSINT data extractions from RSS Feeds

  • Twitter Honeypot Collaborators - Near realtime honeypot data from Twitter feeds of trusted partners and members of our network

  • Jigsaw Analytics Platform - 480 Sources of Data brought into our Jigsaw Platform for analyst - Intelligence Products

  • Jigsaw SIGINT - Collection, enrichment and keyword analysis of open communications

  • IRC Chat Monitoring - Monitoring the most frequently used IRC chat rooms frequented by hackers

  • ThreatConnect - Data shared with Jigsaw through the ThreatConnect platform

  • ThreatCrowd - Threat Intelligence provided by ThreatCrowd (Enrichment)

  • VirusTotal - Threat Intelligence provided by VirusTotal (Enrichment)

  • Paste Site Targeted Collection - Collection of Paste data of Jigsaw Customers and Partners - Analyst notifications of threats

  • Jigsaw Credential Monitor - A list of passwords noted as compromised by Jigsaw Analytics products

  • CVE Vulnerabilities - Vulnerabilities tracked by MITRE Corporation

Enhanced Data Sets (Open Source and Proprietary):
  • Nothink Malware Domains

  • Falconcrest IPBL

  • Spamhaus Extended Drop List

  • HMA Proxy IPs

  • ICS SANS Suspicious Domains - Low Fidelity

  • Malekal Malware Domains

  • TOR Exit Addresses

  • H3X Asprox Tracker

  • OpenPhish

  • SLC Security Attack List - Affiliate of Jigsaw Security

  • Packetmail iprep CARISIRT

  • Xecure Lab Open Phish Feed

  • Abuse.ch Ransomware IP's

  • Clean MX Phishing URLs

  • Cruzit Server Blocklist

  • Arbor Atlas

  • YoYo Ad Servers

  • Shadowserver Command and Control Host

  • ICS SANS Data Feeds

  • ATLAS SSH Brute Force Infiltrated Blacklist

  • Berkeley Security Aggressive IPs

  • VMX SSH Brute Forcers

  • VX Vault MD5 Hashes

  • Imp.sh Malicious Data Feed

  • CyberCrime Malware Patrol

  • FireHOL Blocklist

  • Bambenek Consulting Command and Control Master List

  • CI Army

  • Joe Wein Domain Blacklist

  • KJ Malware URLs

  • Project Honeypot

  • Modern Honeypot Network - Private Feeds and Public Feeds - Jigsaw Operated a very large MHN infrastructure

  • NoThink Malware HTTP

Commercial Data available through Jigsaw Security (Customer must have subscription):

  • Crowdstrike - Data available only to Crowdstrike Subscribers

  • Dell SecureWorks - Data available only to SecureWorks Subscribers

  • Alienvault - Data available only to Alienvault Subscribers

  • Anomali Threatstream - Data available only to Threatstream Subscribers

  • Jigsaw Commercial IOC Feed - Provides high level feed for use in our Analytic Platform for matching IOCs to logs, packet data, etc.

Customers of these commercial services can receive feeds through the Jigsaw Security Enterprise Threat Intelligence Delivery Service. You must be a subscriber of these services and must provide your API key in our platform for delivery.

Just Need Data?

Customers wishing to use our data in their cyber security products can do so easily. Jigsaw Security utilizes a one-to-many data model to distribute data to an SSH-enabled drop box in near real time. As soon as we ingest data into our platform, we distribute it via our one-to-many software application.

This model allows our partners and subscribers to utilize our data in their products easily. Common CSV output ensures compatibility with nearly any security based product. In addition we support RPZ, STIX/TAXII, JSON, Snort, Suricata or text blogs so you can use our data in whatever format you need. To get a safemove feed contact Jigsaw Security at (800) 447-2150 Ext 6.
