Topics - Q-Feeds

#1
Phase 1 is live: IOC browser, context, risk scoring & MITRE mapping

A little while ago we shared a preview of what we were building for the Q-Feeds Threat Intelligence Portal. Phase 1 is now live.

This release is focused on giving more visibility into the data behind the feeds instead of just consuming blocklists.

You can now:

  • Browse the full IOC database
  • View IOC history, enrichment data, and relationships
  • See risk scoring to understand relevance/priority
  • Explore MITRE ATT&CK mappings for additional context
  • Investigate indicators that are not included in feeds (e.g. lower confidence)

The idea is to make it easier to validate and investigate instead of blindly blocking.

Please note that this update also introduces a brand new risk-scoring system. But be aware that this risk-scoring system is not used (yet) for our current feeds.

Promo for existing users

If you've already used your premium trial, you can test the new functionality for 7 days with this code:

1-WEEK-THREAT-LOOKUP
You can activate this code by clicking on your account name on the top-right and then going to licenses -> activate licenses.

What's next (subject to change)

  • Phase 2 (in progress): more granular feed filtering/generation (e.g. only C2, exclude TOR, MITRE-based filtering)
  • Phase 3: updated OPNsense plugin to support these improvements while keeping it simple

Would be great to get feedback from the community:

  • What filtering options would you actually use?
  • Anything missing in the IOC view?
  • Ideas for improving the OPNsense plugin?

Happy to answer any questions as well.
#2
We're working on some major improvements for the TIP and the Q-Feeds OPNsense integration and wanted to share an early preview with the community.

Phase 1 – IOC browser, context, risk scoring & MITRE ATT&CK mapping (Almost done)

We're upgrading the Threat Intelligence Portal so users can investigate our full IOC database, not just the indicators currently pushed through feeds.

This means visibility into:

  • IOC history
  • enrichment data and relationships
  • risk scoring
  • MITRE ATT&CK mapping
  • indicators that may not be included in active blocklists (for example due to low confidence/risk score)
  • and more!

This should make investigation and validation much easier instead of only consuming blocklists blindly.

Example screenshots: IOC browser, IOC detail

Phase 2 – More granular feed control (in progress)

We're also building more granular generation/filtering for feeds.

Examples:

  • only Command & Control related IOCs
  • exclude TOR-related indicators
  • focus only on specific malware behavior or even MITRE mappings

The feeds as-is will remain available as well.

Phase 3 – Improved OPNsense plugin

Once the backend changes are finished, we'll update the OPNsense plugin to support these improvements while keeping configuration simple.

The goal is still the same: easy threat intelligence integration without complexity.

Features and timelines may still change, but we'd love feedback from the OPNsense community. Especially on what filtering options or plugin improvements would be most valuable for you.
#3
COMMUNITY License
We've made an important improvement to our Free Community threat intelligence feed that we wanted to share with you.

From now on, the Community feed is updated every 24 hours instead of every 7 days. This means you'll have access to fresher, more up-to-date intelligence to better protect your environment.

What do you need to do?

If you are using our plugin: No action is required, everything is handled automatically.
If you are not using one of our plugins: Please check your current update interval and adjust it to 24 hours, so you can benefit from the latest data.


PLUS License

We're currently testing the addition of Premium DNS to our Plus package. To see if this is something people find valuable, we're offering it manually for now. Mainly meant for consumers and small businesses.

If you use the code below during checkout, we'll upgrade your Plus plan with Premium DNS on our side:

forum-premium-DNS-added01

This isn't automated yet, we simply review the orders using this code and enable it manually. The code is valid until April 21st.

Please note that enabling could take up to 12 business hours.

These improvements are made since we actually do listen to your feedback! Don't hesitate to let us know what you would like to see changed.
#4
Hi Community,

Today we've launched a new GUI for our Threat Intelligence Portal. As we're always looking for improvements, we would love to hear your feedback!

Please shoot :)
#5
Dear community

We kicked off the year with a new feature in our Threat Intelligence Portal called Brand Protection.

This feature monitors typosquatting domains related to your brand and uses smart detection models to assess how likely it is that a domain is being used for phishing. For example, if your brand name or fake login pages are detected, the risk score goes up. If a domain looks malicious, you can submit a takedown request and we'll do our best to get it taken offline.

On top of that, Brand Protection also monitors your SSL certificates, so you'll get alerts if there are issues that could impact availability or trust.

Brand Protection is available with our Premium license or via a 7-day free Premium trial.

If you're curious to try it out, you can register here:
👉 https://tip.qfeeds.com/

As always we're happy to hear your feedback!

Kind regards,

Stefan
#6
We've got some exciting news to share! 🎉

After a brief but successful beta phase, our brand-new Dark Web Monitoring feature is now live in the TIP. This feature is available for all Plus and Premium subscribers. This feature checks (on-demand or scheduled) for leaked credentials in leaked dark web databases. There's also a check added if hashes are 'crackable'.

Together with our built-in vulnerability scanner, we're now offering a powerful and well-rounded EASM (External Attack Surface Management) toolkit. These tools are giving you deeper visibility, stronger protection, and more control over your external attack surface.
#7
On our roadmap, one of the next major upgrades to our Threat Intelligence Portal would be to add a service where you can monitor for Leaked Credentials. The way the service would work is that a user submits their email addresses and we monitor e.g. the dark web for any leaks. This goes beyond the haveibeenpwned service since we will also include info stealer logs and the actual password hash + maybe partly show the password so you can easily verify the validity.

  • Would you be interested in such a service?
  • Are you already using a service like this?
  • What would be your desired features regarding this?
  • Would you be willing to pay for it? And if so, how much? (realistically)
#8
Q-Feeds (Threat intelligence) / Introduction Q-Feeds
November 11, 2025, 08:30:06 AM
👋 Welcome to the Q-Feeds Sub-Forum

Hi everyone, and welcome to the official Q-Feeds section here on the OPNsense forum!
Q-Feeds provides Threat Intelligence Feeds focused on malicious IPs and domains, helping you strengthen your network security with real-time data against malware, phishing, and other online threats.

We're proud to share that there's now a Q-Feeds plugin available for both the OPNsense Business and Community Editions. This integration makes it easy to automatically import and use our intelligence feeds directly within your firewall configuration.

Everything you need to get started — including installation steps and an implementation manual — can be found here:

https://qfeeds.com/opnsense/

https://docs.opnsense.org/manual/qfeeds.html

Feel free to use this sub-forum to:
  • Ask questions about the Q-Feeds plugin for OPNsense
  • Share feedback or feature suggestions
  • Discuss use cases or integrations

We'll be around to help and respond to your posts.


The Q-Feeds Team
https://qfeeds.com
#9
Hi everyone,

We've been working on a new plugin for OPNsense and are now at the stage where we'd love some community feedback. The plugin is developed in cooperation with Deciso, and we're looking for users who are willing to test it on their own setups.

We are Q-Feeds, a provider of Threat Intelligence. We focus on delivering high-quality, real-time data about malware IPs, malicious domains, and phishing URLs, making it easier to block threats before they reach your network. Our goal is to make threat intelligence accessible to everyone by offering native integrations with firewalls, SIEMs, and other security platforms. Obviously we can't miss OPNsense on our list of supported platforms!

If you're interested in trying it out and sharing your experience, please let us know here in the thread or via DM. We will provide you with the installation details (one prebuilt command). Your feedback will really help us improve before a wider release in the plugins repository.

Thanks in advance for your support!

Best regards,

Stefan Sprenkels
Founder Q-Feeds