Threat Intelligence Feeds

What are Threat Intelligence Feeds?

Threat intelligence feeds are data streams containing the latest information, research, and reports on emerging cyber threats. They help security teams understand those threats and make the right strategic decisions to prevent or mitigate attacks.

The information found in threat intelligence feeds comes from a variety of different sources. Threat intelligence may be gathered by artificial intelligence or reported by human cybersecurity professionals who discover new information about a digital threat in the course of securing their own networks. 

Some threat intelligence feeds may be accessed for free by members of the public, while others are available as commercial products. Commercial threat intelligence providers may curate their feeds for specific customers, ensuring the threat intelligence they receive is actionable, timely, and relevant to their unique circumstances, while public threat intelligence feeds provide a valuable source of free threat intelligence for the general public.

Why are Threat Intelligence Feeds Important?

Cybersecurity is information warfare, an ongoing arms race between cybersecurity professionals attempting to secure their networks and digital adversaries attempting to penetrate them.

And when it comes to getting ahead in that arms race, information sharing is one of the most important practices deployed by both sides.

Digital adversaries work to develop and share information that can be used to execute cyber attacks against target organizations, while law-abiding organizations collect and share information that can be used to prevent those attacks.

Public threat intelligence feeds allow organizations to fight collaboratively against digital adversaries by reporting and sharing up-to-date information about their identities, motivations, and behaviors, along with the tactics, techniques, and procedures (TTPs) they use to infiltrate targeted organizations.

Commercial threat intelligence feeds also play an important role, delivering a curated stream of relevant threat intelligence that helps customers prioritize cybersecurity investments and protect their organizations against digital threats.

How Do Threat Intelligence Feeds Source Data?

Threat intelligence feeds may gather data from a variety of sources, and no two threat intelligence feeds are exactly alike in terms of where their data comes from and how it is processed or analyzed before publication.

Potential data inputs for threat intelligence feeds include:

Open Source Intelligence Sources (OSINT)

OSINT includes information from public sources: television and magazines, the Internet, public government data, corporate white papers, academic publications, commercial data, technical reports, and newsletters. 

Covert Intelligence Sources

Threat intelligence feeds may also integrate information from covert operatives who infiltrate digital adversary communities to gather data on emerging threat groups, novel attack patterns, and potential targets for future attacks. 

Machine-based Data Collection

Leading commercial threat intelligence providers leverage machine-based data collection to gather threat data at scale from across the public attack surface.

Machine-collected data is analyzed using a combination of AI-driven processes and human cybersecurity experts, then enriched with additional context or recommendations before it appears in a commercial threat intelligence feed.


Telemetry data includes logs, metrics, and traces that provide detailed records of states, events, and transactions within enterprise networks. When a security incident takes place, telemetry data provides critical insights that help security teams detect Indicators of Compromise (IoCs), identify the scope of the attack, minimize its effects, remediate the cause, and mitigate damage. 

Commercial threat intelligence providers aggregate telemetry data from their customers and partners, analyze the data to identify IoCs, develop actionable and relevant threat intelligence, and distribute it back to customers via curated threat intelligence feeds.
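
As an added illustration (not ZeroFox code or any provider's feed format), the Python example below shows the consuming side of this loop: indicators from a feed are filtered for freshness and confidence, then matched against telemetry to surface IoC hits. The feed schema, the age and confidence thresholds, the log layout, and every indicator value are constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed feed entries in a hypothetical schema (not real indicators).
FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "last_seen": "2024-05-01", "confidence": 90},
    {"type": "domain", "value": "bad-updates[.]example", "last_seen": "2024-05-03", "confidence": 80},
    {"type": "ipv4", "value": "198.51.100.7", "last_seen": "2023-01-10", "confidence": 85},  # stale
    {"type": "domain", "value": "cdn.example.net", "last_seen": "2024-05-02", "confidence": 20},  # weak
]
# Constructed proxy and DNS telemetry lines.
LOGS = [
    "2024-05-04T10:01:12Z host=ws-14 dst=203.0.113.45 dport=443 action=allow",
    "2024-05-04T10:02:40Z host=ws-09 query=login.bad-updates.example rcode=NOERROR",
    "2024-05-04T10:03:05Z host=ws-02 dst=198.51.100.7 dport=80 action=allow",
    "2024-05-04T10:04:00Z host=ws-02 query=cdn.example.net rcode=NOERROR",
    "2024-05-04T10:05:00Z host=ws-03 query=notbad-updates.example rcode=NOERROR",
]
FIELD = re.compile(r"(\w+)=(\S+)")

def refang(value):
    """Undo the defanging feeds often apply, then normalize case and trailing dot."""
    return value.replace("[.]", ".").lower().rstrip(".")

def load_indicators(feed, now, max_age_days=90, min_confidence=50):
    """Keep only fresh, confident indicators; return (ip_set, domain_set)."""
    ips, domains = set(), set()
    for entry in feed:
        seen = datetime.strptime(entry["last_seen"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
        if (now - seen).days > max_age_days or entry["confidence"] < min_confidence:
            continue
        if entry["type"] == "ipv4":
            ips.add(ipaddress.ip_address(refang(entry["value"])))
        elif entry["type"] == "domain":
            domains.add(refang(entry["value"]))
    return ips, domains

def match_logs(lines, ips, domains):
    """Return (host, indicator_type, observed_value) for each telemetry hit."""
    hits = []
    for line in lines:
        fields = dict(FIELD.findall(line))
        dst, query = fields.get("dst"), refang(fields.get("query", ""))
        if dst and ipaddress.ip_address(dst) in ips:
            hits.append((fields["host"], "ipv4", dst))
        # Match the listed domain or its subdomains on a label boundary only.
        if any(query == d or query.endswith("." + d) for d in domains):
            hits.append((fields["host"], "domain", query))
    return hits
```

Dropping the stale and low-confidence entries before matching keeps the alert volume tied to indicators that are still timely, and the label-boundary check avoids flagging unrelated domains that merely share a suffix string.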

5 Threat Intelligence Feeds You Should Know

Searching for a reliable threat intelligence feed that can help you identify and mitigate cyber threats to your business?

Here are five of the best ones you should know:

FBI InfraGard

InfraGard is a public-private partnership between the FBI and the owners, operators, and security staff of organizations in 16 critical infrastructure sectors. These groups collaborate, network, and share information about emerging technologies and cyber threats to help prevent and mitigate attacks against U.S. infrastructure. 

DHS Automated Indicator Sharing

The Cybersecurity & Infrastructure Security Agency (CISA), operating under the Department of Homeland Security (DHS), offers a collaborative threat intelligence data feed capability known as Automated Indicator Sharing (AIS).

The service is free and enables registered participants to automatically share machine-readable cyber threat indicators and defensive measures with other members of the community, reducing the overall prevalence of successful cyber attacks.

National Cyber Awareness System

Operated by CISA, the National Cyber Awareness System is a public threat intelligence feed that regularly publishes information on current security activity, alerts on emerging cyber security threats, weekly bulletins summarizing new vulnerabilities, and in-depth analysis reports on both new and evolving cyber threats. 

Open Threat Exchange (OTX)

Managed by AlienVault, OTX is an open source threat intelligence community where collaborators can share their own threat information and access millions of threat indicators contributed daily by other participants.

ZeroFox Cyber Threat Intelligence (CTI)

ZeroFox combines AI processing and deep learning tools with expert human analysis to curate and deliver actionable and relevant threat intelligence to enterprise organizations. 

ZeroFox supplements its curated threat intelligence feeds with threat validation, triage, analysis, routing, and escalation services that help security teams prioritize threats and take action to safeguard enterprise networks and systems.

Counter Digital Adversaries with ZeroFox Threat Intelligence

ZeroFox provides protection, intelligence, and disruption to dismantle external threats to brands, people, assets, and data across the public attack surface in one comprehensive platform.

ZeroFox is more than just a threat intelligence feed. Our global team of 150+ expert threat researchers provides in-depth investigation and analysis, transforming raw threat data into actionable intelligence that helps our customers prevent and mitigate cyber attacks.

Want to learn more?

Watch our webinar, "ATT&CK or Be Attacked: Using Threat Intelligence to Disrupt Targeted Threats to Your Brand's Perimeter," to discover how relevant and timely information from threat intelligence feeds is helping enterprises fight back against cyber threats.