Enriching the Tools You Have with the Intelligence You Need

4 minute read

Every organization has a different digital environment, a different attack surface, and a different set of threat actors to monitor; we can’t defend against them using a one-size-fits-all solution. Over the last couple of years, ZeroFox has made significant investments in threat intelligence to expand our capabilities and enable more proactive security for our customers. And because intelligence itself is a broad category, we also have prioritized solutions that address our customers’ greatest challenges, no matter where they are in their threat intelligence journey. 

With this in mind, we’ve introduced new Threat Intelligence Feeds to deliver additional context and exclusive intel collections which provide focus and greater accuracy; these feeds help automate threat protection, measurably improving the effectiveness of an existing cybersecurity program. Integrating our broad range of intelligence provides a key advantage to customers. Our vetted intelligence enables security teams to prioritize and quickly take action on the most critical issues based on high fidelity indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) attackers use to threaten the security of your business and the security of your customers. 

Every day, our embedded operatives collect actionable information from threat actors, while the ZeroFox platform analyzes billions of raw intelligence data collected across the internet, including surface, deep and dark web content. This breadth of perspective allows us to  identify malicious infrastructure before attacks are launched, adding to standard open source intelligence by picking up information from the most difficult to access corners of the web. Our collected intelligence has been used to create customer-specific alerts in our platform; by decision makers who rely on strategic finished intelligence; by researchers who investigate in our search portal; and through feeds, it is now available for Security Operations Centers (SOCs) to enrich their existing security tools with more relevant and accurate context and insights.

Details – ZeroFox Intelligence Feeds

We take the data and intelligence that powers the ZeroFox platform and package it into three focused and effective feed bundles, designed to solve specific types of real-world challenges. This keeps threat alerts relevant and remediation efforts prioritized and coordinated across all cybersecurity functions. The bundles include: 

Identity and Fraud Intelligence Information and context to prevent fraud and secure identities, logins, and Personally Identifiable Information (PII). This bundle includes phone numbers, email addresses, SSN and credit cards, and compromised credentials from botnet breach packages and other sources. 

Network and Vulnerability Intelligence Network IOCs to inform incident response, prioritize vulnerabilities, and improve your network security posture. Data is provided about botnet-infected hosts, malware, vulnerabilities, phishing and targets of ZeroFox’s disruption and takedown efforts. 

Covert Communications Intelligence Insights and early warning into chatter that is related to malicious activity and data breach packages on the deep and dark web. This includes intelligence from Discord, Telegram, and IRC.

Our API-enabled threat intelligence feeds work with SIEM/SOAR, Firewall, SSO, ITSM, AD, TIP, XDR, and many other security tools, to deliver timely and accurate intelligence essential to reduce the impact of, and even prevent, costly cyberattacks. The feeds send intelligence directly to your existing  platforms, enabling automation of the following: 

  • Password resets
  • Vulnerability patching 
  • Malware removal 
  • Blocking actions 

ZeroFox Cyber Threat Intelligence Feeds are: 


Extensive data sets deliver all the relevant intelligence to the security team for deep analysis, from unique historical data to the latest dark web research from our embedded operatives.


Our analysts verify and correlate information across a broad range of sources to provide precise intelligence regarding malicious communications infrastructure which helps detect attacks before they’re launched, creating advisories regarding widespread campaigns, and deliver enriched context to prioritize security response.


Multiple delivery mechanisms, including alerts, on-demand search, and direct API access to raw and regularly updated ZeroFox intelligence delivers easy-to-consume threat data, speeding up decisions and automating mitigation when every second counts. 

We’ve built our external threat intelligence with the intention to ensure we provide relevant in-platform alerting, enable bespoke threat searching, and deliver focused, integrated feeds. This adaptable approach to intelligence vets and prioritizes more vast and complex threat data than previously possible, to help your security team address issues faster and with more confidence. 

Click here to learn more or schedule a ZeroFox demo.


Subscribe to our Blog

Best practices, the latest research, and breaking news, delivered right to your inbox.