Forum Discussion

Dean_Gross
Silver Contributor
May 21, 2022

Choosing Threat Intelligence Sources

Is anyone aware of a thorough comparison of the TI feed options that can be used by Sentinel? I'm interested in learning more about when to use the various TAXII and TIP providers. Some technical or risk-based guidance to help make these decisions would be useful.

2 Replies

  • JKatzmandu
    Brass Contributor
    OSInt threat feeds are like automobile manufacturers. People have different allegiances to specific vendors for various reasons, and some of those include non-tangible/non-empirical reasons. I don't think there is a matrix or rating of the quality of the different OSInt threat feeds which exist.

    Personally, when setting up Sentinel for customers I have a cookbook that integrates many of the basic feeds from Anomali via TAXII to a Sentinel instance.
    • Dean_Gross
      Silver Contributor
      Thanks, I have been doing the same thing, but I would like to get more knowledgeable about the various feeds so that I can provide the most appropriate recommendation to different clients. This sounds like it could be a good project for my summer intern to dig into 🙂