[pull] main from hslatman:main

.github/workflows/links.yml

@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@v2
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@v1.0.8
+        uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2.6.1
         with:
           args: --verbose --no-progress **/*.md **/*.html
         env:

README.md

@@ -27,14 +27,6 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
             AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet. It's mission is to help make Web safer by providing a central blacklist for webmasters, system administrators, and other interested parties to report and find IP addresses that have been associated with malicious activity online..
         </td>
     </tr>
-    <tr>
-        <td>
-            <a href="http://s3.amazonaws.com/alexa-static/top-1m.csv.zip" target="_blank">Alexa Top 1 Million sites</a>
-        </td>
-        <td>
-            The top 1 Million sites from Amazon(Alexa). Never use this as a <a href="https://www.netresec.com/?page=Blog&month=2017-04&post=Domain-Whitelist-Benchmark%3a-Alexa-vs-Umbrella" target="_blank">whitelist</a>.
-        </td>
-    </tr>
     <tr>
         <td>
             <a href="https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml" target="_blank">APT Groups and Operations</a>
@@ -195,6 +187,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
             Free intelligence source for current and historical DNS information, WHOIS information, finding other websites associated with certain IPs, subdomain knowledge and technologies. There is a <a href="https://securitytrails.com/">IP and domain intelligence API available</a> as well. 
         </td>
     </tr>
+    <tr>
+        <td>
+            <a href="https://feed.ellio.tech" target="_blank">ELLIO: IP Feed (community free version)</a>
+        </td>
+        <td>
+            A threat list of known malicious IP addresses anticipated to pose potential threats to your network in the near future, known benign scanners, and IP addresses of actors with unknown intent. It is provided with a 24-hour delay for personal, non-commercial use but still provides exceptional protection compared to other open IP threat lists/feeds.
+        </td>
+    </tr>
     <tr>
         <td>
             <a href="http://rules.emergingthreats.net/fwrules/" target="_blank">Emerging Threats Firewall Rules</a>
@@ -267,6 +267,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
             GreyNoise collects and analyzes data on Internet-wide scanning activity. It collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms. 
         </td>
     </tr>
+    <tr>
+        <td>
+            <a href="http://griffinguard.io/" target="_blank">GriffinGuard</a>
+        </td>
+        <td>
+            GriffinGuard is a cybersecurity platform delivering real-time threat intelligence by continuously analyzing global internet traffic and exploitation patterns. It provides free data search, and some free IP blocklists.
+        </td>
+    </tr>
     <tr>
         <td>
             <a href="https://honeydb.io/" target="_blank">HoneyDB</a>
@@ -307,6 +315,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
             I-Blocklist maintains several types of lists containing IP addresses belonging to various categories. Some of these main categories include countries, ISPs and organizations. Other lists include web attacks, TOR, spyware and proxies. Many are free to use, and available in various formats.
         </td>
     </tr>
+    <tr>
+        <td>
+            <a href="https://ipasis.com" target="_blank">IPASIS</a>
+        </td>
+        <td>
+            IPASIS is a real-time bot detection and fraud prevention API that combines IP intelligence, proxy/VPN/Tor detection, and email validation into a single API call. Each request returns an Interaction Trust Score (0-100) with sub-20ms response time. Free tier includes 1,000 requests/day. <a href="https://ipasis.com/docs" target="_blank">API documentation</a> and a <a href="https://ipasis.com/scan" target="_blank">live scanner</a> are available.
+        </td>
+    </tr>
     <tr>
         <td>
             <a href="https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt" target="_blank">IPsum</a>
@@ -419,13 +435,6 @@ The primary goal of Malpedia is to provide a resource for rapid identification a
             MetaDefender Cloud Threat Intelligence Feeds contains top new malware hash signatures, including MD5, SHA1, and SHA256. These new malicious hashes have been spotted by MetaDefender Cloud within the last 24 hours. The feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence.
         </td>
     </tr>
-    <tr>
-        <td><a href="https://blog.netlab.360.com/tag/english/">Netlab OpenData Project</a>
-      </td>
-      <td>
-            The Netlab OpenData project was presented to the public first at ISC' 2016 on August 16, 2016. We currently provide multiple data feeds, including DGA, EK, MalCon, Mirai C2, Mirai-Scanner, Hajime-Scanner and DRDoS Reflector.
-        </td>
-    </tr>
     <tr>
         <td>
             <a href="http://www.nothink.org">NoThink!</a>
@@ -488,6 +497,14 @@ The primary goal of Malpedia is to provide a resource for rapid identification a
             PickupSTIX is a feed of free, open-source, and non-commercialized cyber threat intelligence. Currently, PickupSTIX uses three public feeds and distributes about 100 new pieces of intelligence each day. PickupSTIX translates the various feeds into STIX, which can communicate with any TAXII server. The data is free to use and is a great way to begin using cyber threat intelligence.
         </td>
     </tr>
+    <tr>
+        <td>
+            <a href="https://qfeeds.com" target="_blank">Q-Feeds Threat Intelligence</a>
+        </td>
+        <td>
+            Q-Feeds is a cybersecurity company that brings together data from OSINT, proprietary research, and commercial threat intelligence feeds to offer a well-rounded and highly actionable solution. Their Threat Intelligence Portal (TIP) makes it easy for organizations to access and manage this data in real-time. By integrating with firewalls, SIEMs, and other security platforms, Q-Feeds helps businesses proactively block connections to known malicious IPs, domains, and URLs—before threats can do harm. They also have a community version available on request.
+        </td>
+    </tr>
     <tr>
         <td>
             <a href="https://rescure.fruxlabs.com/" target="_blank">REScure Threat Intel Feed</a>
@@ -674,6 +691,14 @@ The primary goal of Malpedia is to provide a resource for rapid identification a
             VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of malicious code. Access to the site is granted via invitation only.
         </td>
     </tr>
+    <tr>
+        <td>
+            <a href="https://vuldb.com/?actor" target="_blank">VulDB CTI</a>
+        </td>
+        <td>
+            VulDB is a vulnerability database which associates actor activities and attack details with vulnerabilities. The predictive approach helps to determine emerging research and attack activities by malicious actors.
+        </td>
+    </tr>
     <tr>
         <td>
             <a href="https://github.com/Yara-Rules/rules" target="_blank">Yara-Rules</a>
@@ -690,6 +715,14 @@ The primary goal of Malpedia is to provide a resource for rapid identification a
 Mrlooquer has created the first threat feed focused on systems with dual stack. Since IPv6 protocol has begun to be part of malware and fraud communications, It is necessary to detect and mitigate the threats in both protocols (IPv4 and IPv6).
         </td>
     </tr>
+    <tr>
+        <td>
+            <a href="https://app.validin.com/">Validin DNS Database</a>
+        </td>
+        <td>
+            Free intelligence source for current and historical DNS information, finding other websites associated with certain IPs, and subdomain knowledge There is a <a href="https://app.validin.com/docs">free API for IP and domain intelligence</a> as well. 
+        </td>
+    </tr>
 </table>
 
 ## Formats
@@ -937,6 +970,14 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari
             n6 (Network Security Incident eXchange) is a system to collect, manage and distribute security information on a large scale. Distribution is realized through a simple REST API and a web interface that authorized users can use to receive various types of data, in particular information on threats and incidents in their networks. It is developed by <a href="https://www.cert.pl/en/" target="_blank">CERT Polska</a>.
         </td>
     </tr>
+    <tr>
+        <td>
+            <a href="https://ocsf.io/" target="_blank">Open Cybersecurity Schema Framework (OCSF)</a>
+        </td>
+        <td>
+            The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. Vendors and other data producers can adopt and extend the schema for their specific domains. Data engineers can map differing schemas to help security teams simplify data ingestion and normalization, so that data scientists and analysts can work with a common language for threat detection and investigation. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes.
+        </td>
+    </tr>
     <tr>
         <td>
             <a href="https://www.opencti.io/en/" target="_blank">OpenCTI</a>
@@ -1227,26 +1268,34 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly
     </tr>
     <tr>
         <td>
-            <a href="https://cybergordon.com/" target="_blank">CyberGordon</a>
+            <a href="https://cti-transmute.org/" target="_blank">CTI-Transmute</a>
         </td>
         <td>
-            CyberGordon is a threat intelligence search engine. It leverages 30+ sources.
+            CTI-Transmute is a tool for converting Cyber Threat Intelligence (CTI) data between MISP and STIX formats. It provides a set of API endpoints that allow automated conversion of data, making it easier to integrate different threat intelligence platforms and workflows. Source available on <a href="https://github.com/MISP/cti-transmute" target="_blank">GitHub</a>.
         </td>
     </tr>
     <tr>
         <td>
-            <a href="https://github.com/CylanceSPEAR/CyBot" target="_blank">CyBot</a>
+            <a href="https://github.com/cuckoosandbox/cuckoo" target="_blank">Cuckoo Sandbox</a>
         </td>
         <td>
-            CyBot is a threat intelligence chat bot. It can perform several types of lookups offered by custom modules.
+            Cuckoo Sandbox is an automated dynamic malware analysis system. It's the most well-known open source malware analysis sandbox around and is frequently deployed by researchers, CERT/SOC teams, and threat intelligence teams all around the globe. For many organizations Cuckoo Sandbox provides a first insight into potential malware samples.
         </td>
     </tr>
     <tr>
         <td>
-            <a href="https://github.com/cuckoosandbox/cuckoo" target="_blank">Cuckoo Sandbox</a>
+            <a href="https://cybergordon.com/" target="_blank">CyberGordon</a>
         </td>
         <td>
-            Cuckoo Sandbox is an automated dynamic malware analysis system. It's the most well-known open source malware analysis sandbox around and is frequently deployed by researchers, CERT/SOC teams, and threat intelligence teams all around the globe. For many organizations Cuckoo Sandbox provides a first insight into potential malware samples.
+            CyberGordon is a threat intelligence search engine. It leverages 30+ sources.
+        </td>
+    </tr>
+    <tr>
+        <td>
+            <a href="https://github.com/CylanceSPEAR/CyBot" target="_blank">CyBot</a>
+        </td>
+        <td>
+            CyBot is a threat intelligence chat bot. It can perform several types of lookups offered by custom modules.
         </td>
     </tr>
     <tr>