hslatman/awesome-threat-intelligence

This repository is a curated reference list for people working in cybersecurity who want to track threats, malicious activity, and attack patterns on the internet. Threat intelligence, as the project defines it, is evidence-based knowledge about existing or emerging dangers to computer systems, including context about who is behind them, how they work, and what to do about them. The list is organized into several categories: sources of raw threat data (like feeds of known bad IP addresses, malware hashes, and suspicious domains), data formats used to share threat information, platforms and frameworks for managing and correlating threat data, standalone tools for analysis, and research papers and standards documents. The sources section alone covers dozens of services, including community-driven blocklists, commercial feeds with free tiers, real-time certificate transparency streams, and databases of known malicious IP addresses. Some of these are freely available to anyone, while others require registration or a license for commercial use. Examples include AbuseIPDB for reporting and looking up bad IP addresses, CrowdSec for crowd-sourced attack detection, and feeds from organizations like Cisco and various security research groups. This is not a software project you install or run. It is a reference document, maintained on GitHub and open for community contributions. Security analysts, incident responders, and network defenders use lists like this to find data sources they can feed into their own monitoring tools, firewalls, or threat detection systems. If you are new to security and find the terminology unfamiliar, the scope here is broad: everything from tracking botnets to monitoring phishing domains to analyzing malware certificates. The list has grown large over time, and the full document is substantially longer than the excerpt shown here. The full README is longer than what was shown.