Build your own Threat intelligence feed with Twitter — integrate to XSOAR

curl https://twitter.threatintel.rocks/ --silent | jq
curl https://twitter.threatintel.rocks/ --silent | jq -r '.malicious_urls | .[]'
curl https://twitter.threatintel.rocks/ --silent | jq '.malicious_ips |  .[]?' -r | sort | uniq -c | sort -nr
curl https://twitter.threatintel.rocks/ --silent | jq '.malicious_ips |  .[]?' -r | sort | uniq -c | sort -nr >> /home/xsoar/output.txt
crontab -e
then insert this to run every 30 minutes:
*/30 * * * * /usr/bin/curl https://twitter.threatintel.rocks/ --silent | jq -r '.malicious_urls | .[]' >> /home/xsoar/threatfeed/output.txt
  • URL, Credentials, Indicator information, Feed name, and extraction options
verdict:Malicious type:URL sourceBrands:"Plain Text Feed"
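The cron job above appends with >>, so the feed file collects the same indicators again on every run and passes through whatever strings the tweets contained. As an added example (not code from the original article), the Python below validates and de-duplicates the feed and replaces the file atomically; the JSON shape is assumed from the jq filters above, and the function names, the INTERNAL list and the sample data are constructed for illustration.

```python
import ipaddress
import json
import os
import tempfile
from urllib.parse import urlsplit

# Constructed sample shaped as the jq filters above imply (not real feed data).
SAMPLE = json.dumps({
    "malicious_urls": ["http://bad.example/a.exe", "http://bad.example/a.exe",
                       "javascript:alert(1)", "hxxp://defanged.example/x"],
    "malicious_ips": ["203.0.113.7", "203.0.113.7", "10.0.0.5", "not-an-ip"],
})
# Assumption: ranges that must never be ingested as malicious (internal hosts).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def extract_indicators(feed_json):
    """Return (urls, ips): validated, de-duplicated, original order kept."""
    feed = json.loads(feed_json)
    urls, ips = [], []
    for raw in feed.get("malicious_urls") or []:  # key may be null, like jq's .[]?
        url = str(raw).strip()
        try:
            parts = urlsplit(url)
            usable = parts.scheme in ("http", "https") and parts.hostname
        except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
            continue
        if usable and url not in urls:
            urls.append(url)
    for raw in feed.get("malicious_ips") or []:
        try:
            ip = ipaddress.ip_address(str(raw).strip())
        except ValueError:
            continue
        if str(ip) not in ips and not any(ip in net for net in INTERNAL):
            ips.append(str(ip))
    return urls, ips

def write_feed(path, indicators):
    """Replace the feed file in one step so a fetch never sees a partial list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(indicators) + "\n")
    os.replace(tmp, path)

if __name__ == "__main__":
    urls, ips = extract_indicators(SAMPLE)
    write_feed("output.txt", urls)  # one indicator per line, plain text
```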

Brenton Swanepoel


Excited about OSINT, threat hunting and the general breaking of things