Enrichment Data: Keeping it Fresh

SUMMARY :

The article discusses the importance of keeping enrichment data up-to-date for analyzing honeypot attacks. Various sources like Internet Storm Center, URLhaus, SPUR, and VirusTotal are used to enrich data collected from honeypots. The author examines how frequently this data changes and its accuracy over time. VirusTotal data shows that it can take months for a significant increase in malicious hits for a given file hash. URLhaus data demonstrates how the number of reported URLs for an IP address can change rapidly. SPUR data, which provides WHOIS information, shows that while most IP addresses maintain consistent information, some experience frequent changes in organization or location details. The article emphasizes the need for regular updates and the use of multiple enrichment data sources for accurate threat analysis.

OPENCTI LABELS :

threat intelligence,data enrichment


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Enrichment Data: Keeping it Fresh