Threat Intelligence Management’s power lies in its ability to deliver proactive, high-fidelity insights into attacker infrastructure. At the heart of this is a comprehensive collection of first-party data, acquired through rigorous, ethical methods.
This article outlines our primary acquisition approaches, key data sources, and unwavering commitment to quality, ensuring you get unfiltered, actionable intelligence for threat hunting, without the noise of third-party aggregators. By understanding these methods, you'll see how they directly power features like IOFA™ feeds, risk scores, and Total View scans, enabling you to neutralize threats before they escalate.
Silent Push's threat intelligence begins with daily full scans of the entire IPv4 and IPv6 address space, capturing raw data on domains, IPs, and network behaviors. This proactive scanning surfaces emerging threats, such as phishing domains or infrastructure laundering, so they can be neutralized before they impact your operations, shifting the focus from reactive alerts to comprehensive global coverage that integrates seamlessly with your Threat Intelligence Management workflows.
- Automated, continuous scans (24/7) with tactical refreshes for high-velocity changes like DNS updates, ensuring real-time relevance in dynamic threat landscapes.
- One hundred percent of routable IPv4/IPv6, including clearnet, Dark Web (Tor), and non-HTTP services: critical for spotting hidden attacker assets that feed into your enrichment queries.
- Outputs are unprocessed (e.g., Basic Raw Data in Domain-Wide View), preserving original collection details, such as timestamps and resolutions, to support forensic analysis in Threat Feeds.
Tip: These scans directly inform your risk scores; for example, a fresh DNS anomaly from a high-velocity refresh could flag an IOFA signal, prompting immediate action in your monitors.
Proprietary Repositories
We maintain six proprietary repositories, each optimized for specific types of threat intelligence. These sources converge to enrich SPQL queries and Total View results, providing the building blocks for behavioral flags, listing scores, and more. Below is a breakdown of how they're acquired and applied in threat management:
| Data Source | Description | Acquisition Method | Use Case in Threat Intelligence |
|---|---|---|---|
| Web Scan (Clearnet) | On-page content, HTML, and favicons from the public web. | HTTP/HTTPS crawling of active sites. | Detect spoofed titles for brand impersonation, feeding into Web Data alerts for phishing triage. |
| Dark Web Scan (Torscan) | .onion sites and hidden services. | Tor network enumeration and content scraping. | Identify credential dumps or phishing kits to enhance dark web monitoring in your threat feeds. |
| DNS Data | Passive DNS (PADNS), records (A, MX, etc.). | Zone file monitoring and historical query logging. | Track domain hopping or subdomain takeovers, powering PADNS views for evasion detection. |
| WHOIS | Registration details, ownership history. | Protocol queries (TCP/43) during scans and updates. | Analyze domain flipping or shady registrars to inform ownership risk in enrichment results. |
| Services Data | Non-HTTP (SSH, DNS) with TLS/SSL certs. | Port scanning and certificate transparency logs. | Flag expired certs or open directories, supporting misconfiguration hunts in attack surface mapping. |
| Enrichment Feeds | Blacklists, ASNs, IOFAs. | Curated ingestion from trusted partners + proprietary analysis. | Compute listing scores and behavioral flags, directly boosting IOFA-driven proactive defenses. |
These sources integrate with SPQL queries within Threat Intelligence Management, with field names such as creation_date or nameservers readily available for custom hunts. For instance, a WHOIS anomaly might trigger an IOFA flag, elevating a domain's risk score in real time.
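To make the WHOIS row of the table and the "WHOIS anomaly" example above concrete, here is a small added example that is not Silent Push's code and does not describe how its platform computes risk scores. It shows the shape of a WHOIS-based enrichment step: a raw record is fetched over TCP/43 (RFC 3912), the creation date and nameservers are parsed, and two simple flags are derived. The WHOIS reply, the domain, the 30-day "newly registered" threshold and the flag names are all constructed assumptions for the example; the only fields reused from the text are the ideas of a creation date and nameservers.

```python
"""Toy WHOIS enrichment: parse a WHOIS reply, derive domain age and
nameserver changes, and attach flags an enrichment pipeline might emit.
Example code, not a vendor implementation; thresholds and flag names
are assumptions chosen for illustration."""
import socket
from datetime import datetime, timezone

NEWLY_REGISTERED_DAYS = 30  # assumed threshold, not a vendor value


def whois_query(domain, server, timeout=5.0):
    """Fetch a raw WHOIS record over TCP/43 (RFC 3912): send the query
    line, read until the server closes the connection. Not called below;
    the demo uses an embedded, constructed reply so it runs offline."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Extract the fields the enrichment needs. WHOIS output is not
    standardised, so keys are matched case-insensitively and every
    'Name Server' line is collected (lower-cased, trailing dot removed)."""
    record = {"nameservers": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not value:
            continue
        if key in ("creation date", "created", "registered on"):
            # Accept the common ISO-8601 form with a trailing Z.
            record["creation_date"] = datetime.fromisoformat(value.replace("Z", "+00:00"))
        elif key == "registrar":
            record["registrar"] = value
        elif key == "name server":
            record["nameservers"].append(value.lower().rstrip("."))
    return record


def enrich(record, previous_nameservers=None, now=None):
    """Derive age in days and flags. A previous nameserver set (e.g. from a
    stored snapshot) lets the caller detect a nameserver change."""
    now = now or datetime.now(timezone.utc)
    flags = []
    age_days = None
    created = record.get("creation_date")
    if created is not None:
        age_days = (now - created).days
        if age_days < NEWLY_REGISTERED_DAYS:
            flags.append("newly_registered")
    if previous_nameservers is not None:
        if set(record["nameservers"]) != set(ns.lower().rstrip(".") for ns in previous_nameservers):
            flags.append("nameserver_change")
    return {"age_days": age_days, "nameservers": sorted(record["nameservers"]), "flags": flags}


# Constructed sample reply; the domain and values are fictitious.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-LURE.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2024-05-20T10:15:00Z
Updated Date: 2024-06-01T08:00:00Z
Name Server: NS1.EXAMPLE-DNS.TEST.
Name Server: NS2.EXAMPLE-DNS.TEST.
DNSSEC: unsigned
"""


def run_demo():
    """Evaluate the sample twice: shortly after registration with a changed
    nameserver set, and months later with an unchanged set."""
    record = parse_whois(SAMPLE_WHOIS)
    fresh = enrich(record,
                   previous_nameservers=["ns1.old-dns.test"],
                   now=datetime(2024, 6, 5, tzinfo=timezone.utc))
    settled = enrich(record,
                     previous_nameservers=["NS2.EXAMPLE-DNS.TEST.", "ns1.example-dns.test"],
                     now=datetime(2024, 12, 1, tzinfo=timezone.utc))
    return {"fresh": fresh, "settled": settled}


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(label, result)
```

The two derived flags map onto the kind of signal the paragraph above describes: a very young domain, or a nameserver set that differs from the last observation, is a reason to raise a domain's risk in a hunt rather than a verdict on its own. In a pipeline the raw reply would come from `whois_query` (or a bulk feed) and the previous nameserver set from stored history.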
Quality and Ethics in Threat Intel
In Threat Intelligence Management, reliability is paramount. Our methods prioritize ethical, first-party collection to deliver noise-free data that empowers confident decision-making:
- First-Party Focus: No external dependencies; all data is ethically sourced via public protocols, ensuring sovereignty over your intel pipeline.
- False Positive Mitigation: User feedback refines accuracy, with built-in flags such as “Is False Positive,” to evolve feeds and reduce analyst fatigue.
- Updates: Sources refresh via bulk data feeds for seamless API integrations, keeping your threat management workflows current without disruption.
By leveraging these methods, Silent Push transforms raw signals into strategic advantage, helping you stay ahead of adversaries in an ever-shifting threat landscape.