May 28, 2025
2.0.0
ThreatQ versions >= 5.12.0
ESET CDF
Overview
The ESET CDF for ThreatQ enables analysts to automatically ingest ESET feeds that contain information about botnets, malicious domains, malicious files, and malicious URLs.
The integration provides the following feeds:
- ESET Botnet - based on ESET’s proprietary, automated botnet tracking system, this feed features two types of sub-feeds: C&C and targets. The data provided includes items such as detection, hash, last alive, files downloaded, IP addresses, protocols, targets, and other information. IoCs (Indicators of Compromise) include MD5, SHA-1, SHA-256, C&Cs (URLs).
- ESET Domain - lists malicious domains so they can be blocked, preventing users from visiting the sites and therefore protecting them against infections and data breaches. Such domains are usually part of phishing campaigns, malware distribution, or a larger cyber attack. The feed covers the domain name, the data associated with it, and the respective malicious activity. The feed also provides a confidence level, in the form of an assessment of which domains to block.
- ESET Malicious Files - provides real-time information on the currently prevalent malware samples as well as their characteristics and IoCs (Indicators of Compromise). It features the assessment of shared hashes of malicious executable files and associated data.
- ESET URL - provides information about current and prevalent malicious URLs and associated data. The feed is created from all URL sources every five minutes, deduplication happens every 24 hours, and the filtering in this case is stricter to ensure no sensitive information is shared. Therefore, the feed shares URLs without parameters.
- ESET PUA Adware Files - provides real-time information on the currently prevalent PUA (Potentially Unwanted Application) samples that contain adware or have another unclear objective.
- ESET PUA Dual-Use App Files - provides real-time information on the currently prevalent PUA dual-use applications. Dual-use apps, such as RMM or other multi-purpose tools, are legitimate (possibly commercial) software that attackers might misuse.
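The ESET URL feed description above states that URLs are shared without parameters and that deduplication runs every 24 hours. The following is an added example (not ESET's or ThreatQ's code) showing what that normalization and windowed deduplication look like on the consumer side, so an analyst can apply the same rule to URL indicators from other sources before they reach the platform. The sample records and the 24-hour window are constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit, urlunsplit


def strip_parameters(url: str) -> str:
    """Normalize a URL indicator: keep scheme, host and path, drop the
    query string and fragment (which may carry tokens or personal data)."""
    parts = urlsplit(url)
    return urlunsplit((
        parts.scheme.lower(),
        parts.netloc.lower(),
        parts.path or "/",
        "",   # query string removed
        "",   # fragment removed
    ))


def dedupe_window(records, window=timedelta(hours=24)):
    """Keep the first sighting of each normalized URL per time window.
    records: iterable of (seen_at: datetime, url: str)."""
    last_seen = {}
    kept = []
    for seen_at, url in sorted(records, key=lambda r: r[0]):
        key = strip_parameters(url)
        prev = last_seen.get(key)
        if prev is None or seen_at - prev >= window:
            last_seen[key] = seen_at
            kept.append((seen_at, key))
    return kept


# Constructed sample sightings (hypothetical hosts, not real indicators).
SAMPLE_RECORDS = [
    (datetime(2025, 5, 28, 8, 0), "http://example.com/login.php?user=alice&token=abc123"),
    (datetime(2025, 5, 28, 9, 30), "http://EXAMPLE.com/login.php?user=bob#frag"),
    (datetime(2025, 5, 29, 10, 0), "http://example.com/login.php?user=carol"),
    (datetime(2025, 5, 28, 8, 5), "https://example.net/dl/payload.exe"),
]


def normalized_feed(records=SAMPLE_RECORDS):
    """Return the deduplicated, parameter-free URL list for ingestion."""
    return [url for _, url in dedupe_window(records)]


if __name__ == "__main__":
    for seen_at, url in dedupe_window(SAMPLE_RECORDS):
        print(seen_at.isoformat(), url)
```

The three sightings of the same login path on May 28 collapse to one entry; the sighting on the following day falls outside the 24-hour window and is kept as a fresh observation.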
The integration ingests the following system objects:
- Indicators
- Indicator Attributes
- Malware
- Malware Attributes
- Signatures
- Signature Attributes
- Identities
- Identity Attributes
- Events
- Event Attributes