CriticalPathSecurity / Zeek-Intelligence-Feeds

Zeek-Formatted Threat Intelligence Feeds
MIT License

[feature] Provide more list metadata #18

Closed T145 closed 2 years ago

T145 commented 2 years ago

Presently the provider of each list is detailed in some cases, but there is still quite a bit of ambiguity. For example, there is no index where a "meta.source" column can be compared to validate where the data comes from. A user is left to assume any list content labeled with "CPS" is directly managed by CPS, whether this is true or not. Having the list provider's homepage and the list's raw URL provided would reassure users that the data in these lists is not being modified beyond transforming it into a different format. This information wouldn't need to have entirely new columns throughout each list to be added. In fact, having the "meta.source" column at all is unnecessary if there is proper documentation elsewhere.

Patrick-Kelley commented 2 years ago

If you could provide a bit more information. Each threat intelligence feed is named after the source that it's pulled from.

T145 commented 2 years ago

> If you could provide a bit more information. Each threat intelligence feed is named after the source that it's pulled from.

I've updated the main post to be more precise and accurate. Hope it helps!

T145 commented 2 years ago

An example section in the project README could look something like this:

SOURCES

| Provider | Homepage | List URL | License/TOU |
| --- | --- | --- | --- |
| OpenPhish | https://openphish.com/index.html | https://openphish.com/feed.txt | https://openphish.com/terms.html |

...

Patrick-Kelley commented 2 years ago

Certainly!

I'll work to get that provided for you all.

Patrick-Kelley commented 2 years ago

Done. Apologies for the delay. Busy year.
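The provenance check this issue asks to make possible, as an added example that is not part of the thread or the project's code: it compares each record's "meta.source" label against a SOURCES index and confirms every indicator also appears in the provider's raw list. The feed rows, the upstream list, the index contents and the function names are constructed for illustration; only the OpenPhish list URL comes from the thread.

```python
import csv
import io

# Constructed sample in Zeek Intel framework format (tab-separated, "#fields" header).
SAMPLE_FEED = (
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\n"
    "login.example.com/verify\tIntel::URL\tOpenPhish\tphishing\n"
    "portal.example.net/reset\tIntel::URL\tOpenPhish\tphishing\n"
    "files.example.org/update\tIntel::URL\tCPS\tphishing\n"
)
# Constructed stand-in for the provider's raw list (one URL per line).
SAMPLE_UPSTREAM = "https://login.example.com/verify\nhttp://cdn.example.org/a\n"
# Hypothetical index keyed by meta.source label, mirroring the proposed SOURCES table.
SOURCES = {"OpenPhish": "https://openphish.com/feed.txt"}


def parse_intel(text):
    """Yield one dict per record, keyed by the names on the #fields line."""
    fields = None
    for row in csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE):
        if not row:
            continue
        if row[0] == "#fields":
            fields = row[1:]
        elif not row[0].startswith("#"):
            if fields is None:
                raise ValueError("record found before the #fields header")
            yield dict(zip(fields, row))


def normalize(url):
    """Zeek Intel::URL indicators omit the scheme, so strip it before comparing."""
    for scheme in ("https://", "http://"):
        if url.lower().startswith(scheme):
            return url[len(scheme):]
    return url


def audit(feed_text, sources, upstream_by_source):
    """Return (labels with no index entry, indicators absent from their upstream list)."""
    upstream = {s: {normalize(u) for u in raw.split()} for s, raw in upstream_by_source.items()}
    unknown, unmatched = set(), []
    for rec in parse_intel(feed_text):
        label = rec["meta.source"]
        if label not in sources:
            unknown.add(label)  # provenance cannot be checked without an index entry
        elif rec["indicator"] not in upstream.get(label, set()):
            unmatched.append((label, rec["indicator"]))
    return sorted(unknown), unmatched
```

An unmatched indicator is not proof of tampering, since the upstream list may have rotated between the feed build and the check, so compare against a snapshot taken at build time where possible.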