
丁久

Posted on • Originally published at dingjiu1989-hue.github.io

Threat Intelligence Feeds

This article was originally published on AI Study Room. For the full version with working code examples and related articles, visit the original post.

Threat Intelligence Fundamentals

Threat intelligence transforms raw data into actionable security insights. Feeds provide indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and adversary profiles.

STIX and TAXII Standards

STIX (Structured Threat Information Expression) and TAXII (Trusted Automated Exchange of Intelligence Indicators) are the industry standards for threat intelligence exchange.

```python
from stix2 import Bundle, Filter, Indicator, TAXIICollectionSource
from taxii2client import Collection

# Create a STIX indicator
indicator = Indicator(
    name="Malicious IP",
    indicator_types=["malicious-activity"],
    pattern="[ipv4-addr:value = '203.0.113.5']",
    pattern_type="stix",
    valid_from="2026-01-01T00:00:00Z",
)

# Bundle indicators
bundle = Bundle(indicator)
print(bundle.serialize(pretty=True))

# Consume from TAXII feed
collection = Collection("https://taxii.example.com/collections/123")
source = TAXIICollectionSource(collection)

# Query only indicator objects; other STIX object types carry no pattern
for ioc in source.query([Filter("type", "=", "indicator")]):
    print(ioc.get("name"), ioc["pattern"])
```

Feed Integration with SIEM

Ingest feeds into your SIEM for correlation:

```python
from datetime import datetime, timezone

import requests
from elasticsearch import Elasticsearch


class ThreatIntelIngestor:
    def __init__(self, es_host="localhost:9200"):
        self.es = Elasticsearch([es_host])

    def fetch_and_index(self, feed_url, feed_name):
        # Bound the request time and stop on HTTP errors before parsing
        resp = requests.get(
            feed_url,
            headers={"Accept": "application/stix+json"},
            timeout=30,
        )
        resp.raise_for_status()
        indicators = resp.json().get("objects", [])
        for ioc in indicators:
            doc = {
                "feed": feed_name,
                "type": ioc.get("type"),
                "pattern": ioc.get("pattern"),
                "severity": ioc.get("confidence", 50),
                "valid_until": ioc.get("valid_until"),
                # UTC ingestion timestamp in ISO 8601
                "ingested_at": datetime.now(timezone.utc).isoformat(),
            }
            self.es.
```
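An added example (not from the original post): a feed-hygiene step that could sit between fetching a bundle and indexing it. It skips non-indicator objects, rejects revoked, expired, non-STIX and duplicate indicators, and splits simple patterns into type and value fields for correlation. The function names, output field names and the sample bundle are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Single-comparison patterns only, e.g. [ipv4-addr:value = '203.0.113.5'].
SIMPLE = re.compile(r"^\[\s*([a-z0-9-]+):([\w.'-]+)\s*=\s*'([^']*)'\s*\]$")
# Constructed sample bundle: documentation-range addresses, made-up ids.
SAMPLE = {"type": "bundle", "objects": [
    {"type": "indicator", "id": "indicator--a", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '203.0.113.5']", "confidence": 80},
    {"type": "indicator", "id": "indicator--b", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']",
     "valid_until": "2025-06-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--c", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '203.0.113.5']"},
    {"type": "indicator", "id": "indicator--d", "pattern_type": "snort",
     "pattern": "constructed non-STIX rule text"},
    {"type": "malware", "id": "malware--e", "name": "constructed"},
]}

def parse_ts(value):  # STIX timestamps are RFC 3339 with a 'Z' suffix
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def normalize(bundle, feed_name, now=None):
    """Return (docs, rejected) for the indicator objects in a STIX bundle."""
    now = now or datetime.now(timezone.utc)
    docs, rejected, seen = [], [], set()
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue  # non-indicator objects are not IOC documents
        m = SIMPLE.match(str(obj.get("pattern", "")))
        reason = None
        if obj.get("revoked"):
            reason = "revoked"
        elif obj.get("valid_until") and parse_ts(obj["valid_until"]) <= now:
            reason = "expired"
        elif obj.get("pattern_type", "stix") != "stix" or m is None:
            reason = "unsupported-pattern"
        elif m.groups() in seen:
            reason = "duplicate"
        if reason:
            rejected.append((obj.get("id"), reason))
            continue
        seen.add(m.groups())
        docs.append({"feed": feed_name, "ioc_type": m.group(1),
                     "ioc_path": m.group(2), "ioc_value": m.group(3),
                     "confidence": obj.get("confidence", 50),
                     "valid_until": obj.get("valid_until"),
                     "ingested_at": now.isoformat()})
    return docs, rejected
```

Keeping the rejected list, rather than dropping those objects silently, gives a per-feed quality signal: a feed that mostly produces expired or duplicate entries adds alert noise without adding coverage.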

