[Intelligence]

Threat Intelligence Feed

The Threat Intelligence Feed integration provides threat enrichment capabilities for cyber investigations and threat analysis.

Module metadata

Source reference

content/modules/cloudflare-threat-intelligence.md

Last updated

5 Feb 2026

Category

Intelligence

Content checksum

59b1f6cc1ecbe699

Tags

intelligence, real-time

Rendered documentation

This page renders the module's Markdown and Mermaid directly from the public documentation source.

Overview

The Threat Intelligence Feed integration provides threat enrichment capabilities for cyber investigations and threat analysis. The system offers domain intelligence, IP risk scoring, passive DNS history, URL scanning, and WHOIS data, enabling analysts to quickly assess the risk profile of domains, IP addresses, and URLs encountered during investigations with real-time access to a global threat intelligence network.

Key Features

Domain Intelligence

Risk scoring on a 0-10 scale for assessed domains with category classification, resolution data, and popularity ranking. Identify malicious, phishing, and command-and-control domains during investigations.

IP Risk Scoring

Assess IP address reputation with risk categorization, geolocation data, ASN information, and historical threat activity. Identify IP addresses associated with known threat actors, botnets, or malicious infrastructure.

Passive DNS History

Historical DNS resolution data showing how domains and IP addresses have been associated over time. Trace infrastructure changes, identify domain parking patterns, and discover related malicious domains.

URL Scanning

On-demand and automated scanning of URLs for malicious content, phishing indicators, and malware delivery. Risk assessment with detailed scan results including page content analysis and redirect chain examination.

WHOIS Data

Registration information for domains including registrant details, registration dates, nameservers, and registrar information. Historical WHOIS data supports investigation of domain ownership changes.

Threat Categorization

Automated classification of observed indicators into threat categories including malware distribution, phishing, command-and-control, spam, and other threat types for prioritized investigation response.

Use Cases

  • Cyber Investigation Enrichment: Automatically enrich domains, IPs, and URLs encountered during investigations with threat intelligence scoring and categorization.
  • Phishing Investigation: Assess suspicious URLs and domains for phishing indicators, registration anomalies, and associations with known threat infrastructure.
  • Infrastructure Mapping: Use passive DNS and WHOIS data to map threat actor infrastructure and identify related malicious domains and IP addresses.
  • Proactive Threat Hunting: Monitor domains and IP addresses for changes in threat categorization that may indicate compromise or emerging threats.

Integration

Enrichment data integrates with investigation workflows, alert triage, and threat analysis platforms. API access enables automated enrichment of indicators encountered across the platform.

Last Reviewed: 2026-02-05