A list of cyber security threat intelligence tools that can be used to look up domains, IPs and file hashes and gather additional detail around a potential threat. Note that most of these services share submitted samples and URLs with other users, so search for a file's hash before uploading a file that may contain sensitive data.
URL/Domain Analysis
| Tool | Description |
| --- | --- |
| AlienVault OTX | Open Threat Exchange: look up an indicator against community-contributed pulses, share your own, and see the latest reported threats. |
| Cisco Talos | Search by IP, domain or network owner for Talos reputation and real-time threat data. |
| IBM X-Force Exchange | Search an indicator or submit a file to scan; check IOCs, keywords, malware intelligence and Collections contributed by other users. |
| WHOIS | Investigate a domain's WHOIS record to identify the registrant (where not hidden behind a privacy service) and see when the domain was first registered and last updated; a registration only days old is a common phishing signal. |
| OPSWAT MetaDefender Cloud | Submit and analyse files, URLs, IPs, domains, hashes and CVEs. |
| Palo Alto URL Categories | Test a site to see how Palo Alto Networks categorises it, which decides what its firewalls will allow or block. |
| PhishTank | A collaborative database of reported and verified phishing URLs. |
| URLVoid | Website reputation checker that queries multiple blocklists. |
| VirusTotal | Analyse suspicious files and URLs with many AV engines; submissions are shared with the security community. |
| MXToolbox | Investigate the MX records of any domain. |
| urlscan.io | Investigate a domain/URL: it renders the page and returns a screenshot, the resources it loaded, similar sites and much more. |
| Hybrid Analysis | A free online sandbox (CrowdStrike Falcon Sandbox) to detonate URLs and files. |
| CyberGordon | Investigate domains/IPs with a tool that collates results from many sources, similar to VirusTotal. |
| Redirect Detective | Follow a URL's redirect chain to see where it finally lands. |
| DNSDumpster | A free domain research tool that discovers hosts related to a domain. |
IP Analysis
| Tool | Description |
| --- | --- |
| AlienVault OTX | Open Threat Exchange: look up an IP against community-contributed pulses, share your own, and see the latest reported threats. |
| Cisco Talos | Search by IP, domain or network owner for Talos reputation and real-time threat data. |
| IBM X-Force Exchange | Search an indicator or submit a file to scan; check IOCs, keywords, malware intelligence and Collections contributed by other users. |
| IPVoid | A range of IP address tools: blocklist check, WHOIS lookup, DNS lookup, ping and more. |
| OPSWAT MetaDefender Cloud | Submit and analyse files, URLs, IPs, domains, hashes and CVEs. |
| Tor Checker | Check whether an IP was a Tor relay or exit node on particular dates. |
| AbuseIPDB | Check the abuse reports filed against an IP, domain or subnet. |
| Shodan | A search engine that scans the internet for exposed hosts and services; use it to discover open ports, banners and certificates for an IP or domain. |
| VirusTotal | Analyse suspicious files and URLs with many AV engines; submissions are shared with the security community. |
| GreyNoise | Check whether an IP is a known internet-wide scanner (background noise) or something targeting you specifically. |
| Feodo Tracker | abuse.ch database of active botnet command-and-control (C2) servers, including Dridex, Emotet, TrickBot and QakBot infrastructure. |
File Analysis
| Tool | Description |
| --- | --- |
| AlienVault OTX | Open Threat Exchange: look up a file hash against community-contributed pulses, share your own, and see the latest reported threats. |
| VirusTotal | Analyse suspicious files and URLs with many AV engines; submissions are shared with the security community. |
| IBM X-Force Exchange | Search an indicator or submit a file to scan; check IOCs, keywords, malware intelligence and Collections contributed by other users. |
| MalwareBazaar | abuse.ch repository of malware samples; look up an MD5, SHA-1 or SHA-256 hash for known malicious files. |
| OPSWAT MetaDefender Cloud | Submit and analyse files, URLs, IPs, domains, hashes and CVEs. |
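Most of the pivots in the three tables above start the same way: take an indicator pasted out of an alert, work out whether it is an IP, domain, URL, hash or email address, and open it in the right tools. The following script, added here as an illustration and not taken from the original page or from any of the tools listed, does that: it refangs common defanging (hxxp, [.]), classifies the indicator, and builds lookup links. The search-URL templates are assumptions drawn from each tool's public web interface; they are not documented APIs and may change, so treat them as starting points.

```python
import re
from urllib.parse import quote

# Patterns for the indicator types the tables above cover. Deliberately
# simple: IPv4 only, and a domain pattern that accepts any dotted hostname
# ending in an alphabetic TLD.
_IPV4 = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}"
    r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$")
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
_HASH = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
_EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Search-URL templates ASSUMED from each tool's public web UI; they are not
# documented by the tools and may change. {v} is the raw indicator, {q} the
# URL-encoded one, {kind} the hash algorithm name for MalwareBazaar.
LOOKUPS = {
    "ip": {
        "VirusTotal": "https://www.virustotal.com/gui/ip-address/{v}",
        "AbuseIPDB": "https://www.abuseipdb.com/check/{v}",
        "Shodan": "https://www.shodan.io/host/{v}",
        "GreyNoise": "https://viz.greynoise.io/ip/{v}",
        "AlienVault OTX": "https://otx.alienvault.com/indicator/ip/{v}",
        "Cisco Talos": "https://talosintelligence.com/reputation_center/lookup?search={q}",
    },
    "domain": {
        "VirusTotal": "https://www.virustotal.com/gui/domain/{v}",
        "urlscan.io": "https://urlscan.io/search/#{q}",
        "AlienVault OTX": "https://otx.alienvault.com/indicator/domain/{v}",
        "Cisco Talos": "https://talosintelligence.com/reputation_center/lookup?search={q}",
    },
    "url": {
        "VirusTotal": "https://www.virustotal.com/gui/search/{q}",
        "urlscan.io": "https://urlscan.io/search/#{q}",
    },
    "hash": {
        "VirusTotal": "https://www.virustotal.com/gui/file/{v}",
        "MalwareBazaar": "https://bazaar.abuse.ch/browse.php?search={kind}:{v}",
        "AlienVault OTX": "https://otx.alienvault.com/indicator/file/{v}",
    },
}


def refang(ioc):
    """Undo common defanging: hxxp://evil[.]com -> http://evil.com."""
    s = ioc.strip()
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", s)
    s = s.replace("[:]", ":").replace("[@]", "@").replace("[/]", "/")
    s = re.sub(r"^hxxp", "http", s, flags=re.I)
    return s


def classify(ioc):
    """Return 'ip', 'hash', 'email', 'url', 'domain' or 'unknown'."""
    s = refang(ioc)
    if _IPV4.match(s):
        return "ip"
    if _HASH.match(s):
        return "hash"
    if _EMAIL.match(s):
        return "email"
    if re.match(r"^https?://", s, re.I):
        return "url"
    if _DOMAIN.match(s):
        return "domain"
    return "unknown"


def lookups(ioc):
    """Return (indicator type, {tool name: lookup URL}) for one indicator.
    An email address pivots to its domain part."""
    kind, value = classify(ioc), refang(ioc)
    if kind == "email":
        kind, value = "domain", value.rsplit("@", 1)[1]
    if kind not in LOOKUPS:
        return kind, {}
    hash_kind = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(value), "")
    urls = {tool: tpl.format(v=value, q=quote(value, safe=""), kind=hash_kind)
            for tool, tpl in LOOKUPS[kind].items()}
    return kind, urls


if __name__ == "__main__":
    # Sample indicators (the hash is the public EICAR test-file MD5).
    for ioc in ("8.8.8.8", "hxxp://evil[.]com/login", "bob@example.com",
                "44d88612fea8a8f36de82e1278abb02f", "not an indicator"):
        kind, urls = lookups(ioc)
        print(f"{ioc} -> {kind}")
        for tool, url in urls.items():
            print(f"    {tool}: {url}")
```

The classifier is ordered so that the stricter patterns win: an IP is tested before the domain pattern, and a bare hash before anything else, which matters because a 40-character hex string would otherwise look like a hostname label. Hashes are routed by length, so an MD5 and a SHA-256 land on the same tools with the correct MalwareBazaar search prefix.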
Email Analysis
| Tool | Description |
| --- | --- |
| Hunter.io | Finds email addresses for a domain that have been published online. Useful for seeing which of your own addresses are publicly exposed, and therefore likely phishing targets that warrant extra protection. |
| dnstwist and dnstwister | Enumerate look-alike domains (typosquats, homoglyphs, bitsquats, alternative TLDs) of the domain entered, which can then be used to set up detection rules, to block outright, or to register defensively. |
| DeHashed | Query a database of credentials and other data exposed in breaches. |
| Have I Been Pwned | Check whether an email address or phone number appears in known breaches. Notifications can be set up for personal addresses, and domain owners can monitor a whole corporate domain. |
| MXToolbox | Investigate the MX records of any domain. |
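To show what the dnstwist entry above means in practice, here is a small look-alike domain generator and a detection pass over mail-gateway logs. It is an added example, not code from the original page or from dnstwist, and it implements only a subset of dnstwist's permutation engine (omission, transposition, repetition, homoglyph, bitsquat and TLD swap). The domain example.com and the postfix-style log lines are constructed for the example.

```python
import re

# Constructed mail-gateway log lines (postfix-style); not real traffic.
SAMPLE_LOG = """\
Mar 14 09:12:01 mx1 postfix/smtpd[4021]: from=<ceo@example.com> to=<finance@example.com> status=accepted
Mar 14 09:13:44 mx1 postfix/smtpd[4021]: from=<ceo@examp1e.com> to=<finance@example.com> status=accepted
Mar 14 09:15:09 mx1 postfix/smtpd[4022]: from=<billing@partner.net> to=<ap@example.com> status=accepted
Mar 14 09:20:30 mx1 postfix/smtpd[4022]: from=<it-support@exampl3.com> to=<alice@example.com> status=accepted
Mar 14 09:21:02 mx1 postfix/smtpd[4023]: client=10.0.0.5 connect
"""

# Characters that look alike in common fonts; a short list for illustration.
HOMOGLYPHS = {"o": ("0",), "l": ("1", "i"), "i": ("1", "l"), "e": ("3",),
              "a": ("4",), "s": ("5",), "m": ("rn",), "w": ("vv",)}
ALT_TLDS = ("com", "net", "org", "co", "io")
VALID = set("abcdefghijklmnopqrstuvwxyz0123456789-")


def permutations(domain):
    """Return a set of look-alike domains for a registrable domain such as
    'example.com'. Covers omission, transposition, repetition, homoglyph,
    bitsquat and TLD swap; a subset of what dnstwist generates."""
    name, _, tld = domain.lower().rpartition(".")
    names = set()
    for i, ch in enumerate(name):
        names.add(name[:i] + name[i + 1:])             # omission
        names.add(name[:i] + ch + name[i:])            # repetition
        if i < len(name) - 1:                          # transposition
            names.add(name[:i] + name[i + 1] + ch + name[i + 2:])
        for g in HOMOGLYPHS.get(ch, ()):               # homoglyph
            names.add(name[:i] + g + name[i + 1:])
        for bit in range(8):                           # bitsquat (one bit flip)
            c = chr(ord(ch) ^ (1 << bit))
            if c in VALID:
                names.add(name[:i] + c + name[i + 1:])
    names.discard(name)  # transposing two identical letters gives the original
    out = {f"{n}.{tld}" for n in names if n and n[0] != "-" and n[-1] != "-"}
    out.update(f"{name}.{t}" for t in ALT_TLDS if t != tld)
    return out


_FROM = re.compile(r"from=<[^@>]+@([^>]+)>")


def scan_logs(lines, domain):
    """Return (sender domain, log line) for every message whose envelope
    sender domain is a look-alike of `domain`."""
    watch = permutations(domain)
    hits = []
    for line in lines:
        m = _FROM.search(line)
        if m and m.group(1).lower() in watch:
            hits.append((m.group(1), line))
    return hits


if __name__ == "__main__":
    squats = permutations("example.com")
    print(f"{len(squats)} look-alikes generated, e.g. {sorted(squats)[:5]}")
    for sender, line in scan_logs(SAMPLE_LOG.splitlines(), "example.com"):
        print(f"look-alike sender {sender}: {line}")
```

The same set can be fed to a SIEM watchlist or a mail-gateway block rule; for detection you normally also resolve each permutation (as dnstwist does) so the rule only fires on domains that are actually registered, which keeps the watchlist short.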
For a list of cyber security threat intelligence sources, see the companion post.
By Alex Wheelhouse
/ April 3, 2022