
Apr 1, 2025
2.0.1
ThreatQ versions >= 5.6.0
Spamhaus CDF
Overview
The Spamhaus CDF for ThreatQ enables users to ingest CIDR Block indicators, along with attributes and tags, allocated from compromised or known cyber-crime operations.
The integration provides the following feeds:
- Spamhaus DROP List - ingests CIDR Block indicators from netblocks allocated directly by an established Regional Internet Registry (RIR) or National Internet Registry (NIR) that are “hijacked” or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers).
- Spamhaus EDROP List - an extension of the DROP list that includes sub-allocated netblocks controlled by spammers or cyber criminals.
- Spamhaus eXBL - enables the automatic ingestion of the eXBL dataset that Spamhaus offers (typically downloaded using rsync).
The integration ingests the following system objects:
- Indicators
- Indicator Attributes