Data Integrations & Formats

Seamless Integration for Instant Action

Malware Patrol offers machine-readable threat intelligence (MRTI) in formats that work with many of the industry’s most popular cyber security tools and platforms. This way, companies can protect themselves using our reliable, historically rich data without needing additional resources to do so.

Our indicators of compromise include malware URLs, command & control servers, DGAs, phishing, newly registered domains, sites using cryptominer scripts, and more. Learn more about our commercial data feeds here.

If we don’t have the format or integration you’re looking for, contact us. We offer free feed customization for Enterprise customers and will gladly consider working with your SIEM, SOAR, TIP or other service provider to make sure our data is integrated with their platform.

Check out our current integrations and formats below. We also have configuration guides available.
 


Integration Details

Anomali users can find Malware Patrol in the APP Store or, when logged in, the ThreatStream store. We offer a special Malicious Campaigns data feed for Anomali customers that contains a combination of unique, high-confidence indicators (URLs, hashes, IPs, and C2s) related to the latest malicious campaigns. You can request a trial from within ThreatStream or by contacting us directly.

Integration Details

The MISP threat sharing platform is free and open source software that supports the sharing of threat intelligence, including cyber security indicators. We offer two options for MISP:

1) Sync your instance with ours.

2) Download MISP-formatted feeds.

Click here to request an evaluation.

Integration Details

ThreatQuotient’s Open Exchange provides the largest and most adaptable set of integrations in the industry. Logged-in customers can find more details about the integration with Malware Patrol in the ThreatQ marketplace. Request an evaluation of Malware Patrol’s feeds here.

Integration Details

Palo Alto Networks’ MineMeld is an open-source application that allows users to aggregate threat intelligence across public, private and commercial intelligence sources, including between government and commercial organizations. MineMeld is available to all users directly on GitHub, as well as in pre-built virtual machines (VMs) for easy deployment.

Malware Patrol offers Enterprise feeds formatted for MineMeld users. Click here to request an evaluation.