Phase 1 is live: IOC browser, context, risk scoring & MITRE mappingA little while ago we've shared a preview of what we were building for the Q-Feeds Threat Intelligence Portal. Phase 1 is now live.
This release is focused on giving more visibility into the data behind the feeds instead of just consuming blocklists.
You can now:
- Browse the full IOC database
- View IOC history, enrichment data, and relationships
- See risk scoring to understand relevance/priority
- Explore MITRE ATT&CK mappings for additional context
- Investigate indicators that are not included in feeds (e.g. lower confidence)
The idea is to make it easier to validate and investigate instead of blindly blocking.
Please note that this update also introduces a brand new risk-scoring system. But be aware that this risk-scoring system is not used (yet) for our current feeds.
Promo for existing usersIf you've already used your premium trial, you can test the new functionality for 7 days with this code:
1-WEEK-THREAT-LOOKUPYou can activate this code by clicking on your account name on the top-right and then go to licenses -> activate licenses.
What's next (subject to change)Phase 2 (in progress): more granular feed filtering/generation (e.g. only C2, exclude TOR, MITRE-based filtering)
Phase 3: updated OPNsense plugin to support these improvements while keeping it simple
Would be great to get feedback from the community:
What filtering options would you actually use?
Anything missing in the IOC view?
Ideas for improving the OPNsense plugin?
Happy to answer any questions as well.
QuoteWhat filtering options would you actually use?
Anything missing in the IOC view?
Not sure if this is feasible but what about sorting based on country of origin? E.g Country from where the IoC originates.
QuoteIdeas for improving the OPNsense plugin?
Well, OPNsense has inbuilt RRD and other graph possible tooling, would it be possible under the condition its not resource heavy, to create graphs based on the events/IPs/ports/protocols?
Something similar for example as in
Lobby > Reporting > Health
Or
Firewall> Log Files > Overview?
This would still be local to the OPNsense, but would give the users more visual representation.
Regards,
S.
visibility is rather eye opening
Quote from: Seimus on May 03, 2026, 01:24:50 AMQuoteWhat filtering options would you actually use?
Anything missing in the IOC view?
Not sure if this is feasible but what about sorting based on country of origin? E.g Country from where the IoC originates.
QuoteIdeas for improving the OPNsense plugin?
Well, OPNsense has inbuilt RRD and other graph possible tooling, would it be possible under the condition its not resource heavy, to create graphs based on the events/IPs/ports/protocols?
Something similar for example as in
Lobby > Reporting > Health
Or
Firewall> Log Files > Overview?
This would still be local to the OPNsense, but would give the users more visual representation.
Regards,
S.
We will take it in consideration! We're indeed also in conversation with Deciso's developers to see if we can improve reporting f.e. mapped on MITRE (that's what we were thinking about).
That would be actually cool.
As well, I had more time to play a bit with the new updated TiP, its fantastic. As mentioned above the visibility is superb.
For a T-shooting nerd like me, what you provide in TiP is just a dream.
I would love to have all of this directly in OPN GUI (or selfhost it via docker :D), but I understand its most likely not possible.
Great job guys! Keep it up, looking forward what you have next on the table.
Regards,
S.
Clicking on my account name on the top-right gives me these menu options: Dashboard, Orders, Subscriptions, Downloads, Address, Payment methods, Account details, Log out
In none of these I'm able to enter a license code for the trial. The Orders, Subscriptions and Download page only point to a generic 'Browse products' link.
Quote from: Q-Feeds on May 01, 2026, 09:08:05 AMPromo for existing users
If you've already used your premium trial, you can test the new functionality for 7 days with this code:
1-WEEK-THREAT-LOOKUP
You can activate this code by clicking on your account name on the top-right and then go to licenses -> activate licenses.
Quote from: dinguz on May 08, 2026, 09:02:34 PMClicking on my account name on the top-right gives me these menu options: Dashboard, Orders, Subscriptions, Downloads, Address, Payment methods, Account details, Log out
In none of these I'm able to enter a license code for the trial. The Orders, Subscriptions and Download page only point to a generic 'Browse products' link.
Quote from: Q-Feeds on May 01, 2026, 09:08:05 AMPromo for existing users
If you've already used your premium trial, you can test the new functionality for 7 days with this code:
1-WEEK-THREAT-LOOKUP
You can activate this code by clicking on your account name on the top-right and then go to licenses -> activate licenses.
Aah yes you're logged in on our website. But the code works for https://tip.qfeeds.com/ ;-)
Quote from: Seimus on May 08, 2026, 12:52:39 PMThat would be actually cool.
As well, I had more time to play a bit with the new updated TiP, its fantastic. As mentioned above the visibility is superb.
For a T-shooting nerd like me, what you provide in TiP is just a dream.
I would love to have all of this directly in OPN GUI (or selfhost it via docker :D), but I understand its most likely not possible.
Great job guys! Keep it up, looking forward what you have next on the table.
Regards,
S.
Thank you so much for your kind words!! Very happy you like it! Well at this point in time we're not sure what we can do in the OPNsense GUI but we're exploring options ;-)