Phase 1 is live: IOC browser, context, risk scoring & MITRE mapping
A little while ago we shared a preview of what we were building for the Q-Feeds Threat Intelligence Portal. Phase 1 is now live.
This release is focused on giving more visibility into the data behind the feeds instead of just consuming blocklists.
You can now:
- Browse the full IOC database
- View IOC history, enrichment data, and relationships
- See risk scoring to understand relevance/priority
- Explore MITRE ATT&CK mappings for additional context
- Investigate indicators that are not included in feeds (e.g. lower confidence)
The idea is to make it easier to validate and investigate instead of blindly blocking.
Please note that this update also introduces a brand new risk-scoring system. But be aware that this risk-scoring system is not used (yet) for our current feeds.
Promo for existing users
If you've already used your premium trial, you can test the new functionality for 7 days with this code:
1-WEEK-THREAT-LOOKUP
You can activate this code by clicking on your account name at the top right and then going to licenses -> activate licenses.
What's next (subject to change)
- Phase 2 (in progress): more granular feed filtering/generation (e.g. only C2, exclude TOR, MITRE-based filtering)
- Phase 3: updated OPNsense plugin to support these improvements while keeping it simple
Would be great to get feedback from the community:
- What filtering options would you actually use?
- Anything missing in the IOC view?
- Ideas for improving the OPNsense plugin?
Happy to answer any questions as well.