We're working on some major improvements for the TIP and the Q-Feeds OPNsense integration and wanted to share an early preview with the community.
Phase 1 – IOC browser, context, risk scoring & MITRE ATT&CK mapping (almost done)
We're upgrading the Threat Intelligence Portal so users can investigate our full IOC database, not just the indicators currently pushed through feeds.
This means visibility into:
- IOC history
- enrichment data and relationships
- risk scoring
- MITRE ATT&CK mapping
- indicators that may not be included in active blocklists (for example due to low confidence/risk score)
- and more!
This should make investigation and validation much easier instead of only consuming blocklists blindly.
Example screenshots:
IOC browser
(https://preview.redd.it/upcoming-major-updates-sneak-peak-subject-to-change-v0-yqr84mzp0qwg1.png?width=1559&format=png&auto=webp&s=831ab5281cec3ed59b2b774992cec761a460c72f)
IOC detail
(https://preview.redd.it/upcoming-major-updates-sneak-peak-subject-to-change-v0-cm514ngt0qwg1.png?width=1629&format=png&auto=webp&s=1001ba3146ff0202b8b70a75e43acd7d379d348c)
Phase 2 – More granular feed control (in progress)
We're also building more granular generation/filtering for feeds.
Examples:
- only Command & Control related IOCs
- exclude TOR-related indicators
- focus only on specific malware behavior or even MITRE mappings
The feeds as-is will remain available as well.
Phase 3 – Improved OPNsense plugin
Once the backend changes are finished, we'll update the OPNsense plugin to support these improvements while keeping configuration simple.
The goal is still the same: easy threat intelligence integration without complexity.
Features and timelines may still change, but we'd love feedback from the OPNsense community, especially on what filtering options or plugin improvements would be most valuable for you.