back to home

CriticalPathSecurity / Zeek-Intelligence-Feeds

Zeek-Formatted Threat Intelligence Feeds

View on GitHub
392 stars
49 forks
0 issues
Chat with CodebaseArchitecture ScanSecurity AuditExplain Codebase

AI Architecture Analysis

This repository is indexed by RepoMind. By analyzing CriticalPathSecurity/Zeek-Intelligence-Feeds in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.

Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context on-demand, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.

Source files are only loaded when you start an analysis to optimize performance.
Click here to launch the interactive analysis workspace

Embed this Badge

Showcase RepoMind's analysis directly in your repository's README.

[![Analyzed by RepoMind](https://img.shields.io/badge/Analyzed%20by-RepoMind-4F46E5?style=for-the-badge)](https://repomind.in/repo/CriticalPathSecurity/Zeek-Intelligence-Feeds)
Preview:Analyzed by RepoMind

Repository Overview (README excerpt)

Crawler view

Zeek Intel Threat Feed w/ Combined Indicators This is a public feed based on Public Threat Feeds and CRITICAL PATH SECURITY gathered data. This feed will be updated as often as possible. Getting Started These instructions will get you a copy of the project up and running. Dependencies • ZEEK 3.0 or greater Installing Install Zeek Dependencies Clone the repository into Install Zeek Install the Threat Intelligence Feeds Clone the repository into Usage Navigate to Scheduling Updates A simple bash script can be used for updates. An example is shown below. Add the following: Make the script executable. Make the following cron entry for 24 hour updates. Logs will be written to: Sources: Filename | Provider | Homepage | List URL | License/TOU | |-----------|-----------|----------------------------------|--------------------------------|----------------------------------| | Amnesty_NSO_Domains.intel | Amnesty NSO Domains | https://github.com/AmnestyTech/investigations | https://github.com/AmnestyTech/investigations/tree/master/2021-07-18_nso | Not Defined | | abuse-ch-ipblocklist.intel | Abuse.CH Blacklist | https://sslbl.abuse.ch/blacklist/ | https://sslbl.abuse.ch/blacklist/ | https://sslbl.abuse.ch/blacklist/ | | abuse-ch-malware.intel | Abuse.CH Malware | https://bazaar.abuse.ch/ | https://bazaar.abuse.ch/ | https://bazaar.abuse.ch/ | | abuse-ch-threatfox-ip.intel | Abuse.CH ThreatFox | https://threatfox.abuse.ch/ | https://threatfox.abuse.ch/ | https://threatfox.abuse.ch/ | | abuse-ch-urlhaus.intel | Abuse.CH URLHaus | https://urlhaus.abuse.ch/ | https://urlhaus.abuse.ch/ | https://urlhaus.abuse.ch/ | | alienvault.intel | AlienVault | https://www.alienvault.com/ | http://reputation.alienvault.com/reputation.data | https://otx.alienvault.com/ | | binarydefense.intel | Binary Defense | https://www.binarydefense.com/ | https://www.binarydefense.com/banlist.txt | https://www.binarydefense.com/ | | censys.intel | Censys | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | cobaltstrike_ips.intel | CobaltStrike IP | https://threatview.io/ | https://threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt | https://threatview.io/ | | compromised-ips.intel | Emerging Threats | https://rules.emergingthreats.net/ | https://rules.emergingthreats.net/blockrules/compromised-ips.txt | https://rules.emergingthreats.net/OPEN_download_instructions.html | | cps-collected-iocs.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | cps_cobaltstrike_domain.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | cps_cobaltstrike_ip.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | ellio.intel | Ellio Tech | https://www.ellio.tech | https://www.ellio.tech | https://www.ellio.tech | | fangxiao.intel | Cyjax | https://www.cyjax.com/ | https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt | https://www.cyjax.com/2022/11/14/fangxiao-a-chinese-threat-actor/ | | filetransferportals.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | illuminate.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | inversion.intel | Google / Inversion | https://github.com/elliotwutingfeng/Inversion-DNSBL-Blocklists | Github | https://github.com/elliotwutingfeng/Inversion-DNSBL-Blocklists/blob/main/LICENSE | | lockbit_ip.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | log4j_ip.intel | Multiple Sources | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | openphish.intel | OpenPhish | https://openphish.com | https://openphish.com/feed.txt | https://openphish.com/terms.html | | predict_intel.intel | Georgia Tech Research Institute (GTRI) | https://www.gatech.edu/ | https://www.gatech.edu/ | https://www.gatech.edu/ | | ragnar.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | sans.intel | SANS | https://isc.sans.edu/ | https://isc.sans.edu/api/intelfeed | https://isc.sans.edu/data/threatfeed.html | | scumbots.intel | ScumBots | None | None | Permission given by Paul Melson - Free Usage | | stalkerware.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ | | tor-exit.intel | Tor Project | https://www.torproject.org/ | https://check.torproject.org/exit-addresses | https://www.torproject.org/ | Mon Mar 23 06:02:40 UTC 2026