Enrichment Data: Keeping it Fresh

Sept. 9, 2024, 7:50 a.m.

Description

The article discusses the importance of keeping enrichment data up to date when analyzing honeypot attacks. Sources such as Internet Storm Center, URLhaus, SPUR, and VirusTotal are used to enrich data collected from honeypots. The author examines how frequently this data changes and how accurate it remains over time. VirusTotal data shows that it can take months before the number of malicious hits for a given file hash increases significantly. URLhaus data demonstrates how quickly the number of reported URLs for an IP address can change. SPUR data, which provides WHOIS information, shows that while most IP addresses keep consistent information, some experience frequent changes in organization or location details. The article emphasizes the need for regular updates and for using multiple enrichment data sources for accurate threat analysis.

Date

  • Created: Sept. 9, 2024, 7:38 a.m.
  • Published: Sept. 9, 2024, 7:38 a.m.
  • Modified: Sept. 9, 2024, 7:50 a.m.

Indicators

  • 306f0c79ad9ee76e996556f909306fda5704b456d670aa9daeb54760b4b5e4f6
  • 47b268c21591069bfe4099833ad66b8138a53ab2dcb866e040d466aee1f8624c
  • 062ba629c7b2b914b289c8da0573c179fe86f2cb1f70a31f9a1400d563c3042a
  • 193.42.33.81
  • 179.43.175.5

Attack Patterns