ZeroFox CTI Feeds

Browse Apps

Integration Documentation

Last Updated
Oct 15, 2024

Version
1.0.2

Compatibility
ThreatQ versions >= 5.12.1

ZeroFox CTI Feeds

ThreatQuotient

www.zerofox.com

Overview

The ZeroFox CTI integration for ThreatQ enables the automatic ingestion of cyber threat intelligence such as botnets, malware, ransomware, exploits, c2 servers, and more from the ZeroFox API.

The integration provides the following feeds:

ZeroFox CTI - Botnets - This feed automatically pulls botnet-related IOCs and related context from the ZeroFox API.
ZeroFox CTI - C2 Domains - This feed automatically pulls C2 Domain IOCs and related context from the ZeroFox API.
ZeroFox CTI - Malware - This feed automatically pulls malware-related IOCs (such as hashes) and related context from the ZeroFox API.
ZeroFox CTI - Phishing - This feed automatically pulls phishing-related IOCs (such as URLs and domains) and related context from the ZeroFox API.
ZeroFox CTI - Ransomware - This feed automatically pulls ransomware-related IOCs (such as hashes) and related context from the ZeroFox API.
ZeroFox CTI - Exploits - This feed automatically pulls exploit-related IOCs (such as CVEs) and related context from the ZeroFox API.
ZeroFox CTI - Vulnerabilities - This feed automatically pulls vulnerability-related IOCs (such as CVEs) and related context from the ZeroFox API.

Feeds Included:

[ZeroFox CTI - Botnets] (https://api.zerofox.com/cti/botnet/)
[ZeroFox CTI - C2 Domains] (https://api.zerofox.com/cti/c2-domains/)
[ZeroFox CTI - Malware] (https://api.zerofox.com/cti/malware/)
[ZeroFox CTI - Phishing] (https://api.zerofox.com/cti/phishing/)
[ZeroFox CTI - Ransomware] (https://api.zerofox.com/cti/ransomware/)
[ZeroFox CTI - Exploits] (https://api.zerofox.com/cti/exploits/)
[ZeroFox CTI - Vulnerabilities] (https://api.zerofox.com/cti/vulnerabilities/)