• Last Updated
    Oct 15, 2024
  • Version
    1.0.2
  • Compatibility
    ThreatQ versions >= 5.12.1
  • ZeroFox CTI Feeds

    ThreatQuotient

    www.zerofox.com

    Overview

     
    The ZeroFox CTI integration for ThreatQ enables the automatic ingestion of cyber threat intelligence such as botnets, malware, ransomware, exploits, c2 servers, and more from the ZeroFox API.
     
    The integration provides the following feeds:
    • ZeroFox CTI - Botnets - This feed automatically pulls botnet-related IOCs and related context from the ZeroFox API.
    • ZeroFox CTI - C2 Domains - This feed automatically pulls C2 Domain IOCs and related context from the ZeroFox API.
    • ZeroFox CTI - Malware - This feed automatically pulls malware-related IOCs (such as hashes) and related context from the ZeroFox API.
    • ZeroFox CTI - Phishing - This feed automatically pulls phishing-related IOCs (such as URLs and domains) and related context from the ZeroFox API.
    • ZeroFox CTI - Ransomware - This feed automatically pulls ransomware-related IOCs (such as hashes) and related context from the ZeroFox API.
    • ZeroFox CTI - Exploits - This feed automatically pulls exploit-related IOCs (such as CVEs) and related context from the ZeroFox API.
    • ZeroFox CTI - Vulnerabilities - This feed automatically pulls vulnerability-related IOCs (such as CVEs) and related context from the ZeroFox API.
    Feeds Included:
    • [ZeroFox CTI - Botnets] (https://api.zerofox.com/cti/botnet/)
    • [ZeroFox CTI - C2 Domains] (https://api.zerofox.com/cti/c2-domains/)
    • [ZeroFox CTI - Malware] (https://api.zerofox.com/cti/malware/)
    • [ZeroFox CTI - Phishing] (https://api.zerofox.com/cti/phishing/)
    • [ZeroFox CTI - Ransomware] (https://api.zerofox.com/cti/ransomware/)
    • [ZeroFox CTI - Exploits] (https://api.zerofox.com/cti/exploits/)
    • [ZeroFox CTI - Vulnerabilities] (https://api.zerofox.com/cti/vulnerabilities/)

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved. Privacy Policy