IOFA (Indicators of Future Attack) Feeds provide actionable threat intelligence on domains, IPs, and URLs. This guide explains how to access and analyze IOFA Feed data using the Silent Push platform, with insights grouped into key analytical categories for better decision-making.
Access IOFA Feed analytics
Follow these steps to analyze an IOFA Feed:
Navigate to Threat Intelligence Management > IOFA Feeds in the Silent Push platform.
Locate your desired feed and click the View button to access the Feed Analytics screen.
The Feed Analytics screen provides a detailed breakdown of feed data, contextualized into intuitive categories to help you understand and act on the intelligence.
Feed analytics categories
The analytics for IOFA Feeds are organized into four key sections to provide a comprehensive view of the data:
Feed overview
Understand the core attributes and status of the feed.
Number of IOFAs: Total count of Indicators of Future Attack in the feed.
Feed Last Updated: Timestamp of the most recent update to the feed.
Available Export Formats: Supported formats for exporting feed data (e.g., CSV, JSON).
Linked TLP Amber Report: Associated TLP Amber report, if applicable, for additional context.
Historical IOFA Count: Trend of IOFA counts over time.
IOFA Geolocation: Geographic distribution of the IOFAs in the feed.
Feed Tags: Labels or categories assigned to the feed for easy identification.
Domain insights
Gain insights into domain-related metrics for feeds containing domain data.
Average Domain Age: Mean age of domains in the feed, indicating their longevity.
Average IP Diversity: Average number of IPs a domain has resolved to in the past 30 days, reflecting domain stability.
Average ASN Diversity: Frequency of IP transitions between Autonomous System Numbers (ASNs), indicating network variability.
Average NS Entropy: Measure of recency, frequency, and number of nameserver changes, highlighting potential volatility.
Average NS Reputation: Average reputation score of nameservers associated with domains in the feed.
IP insights
Understand IP-related metrics for feeds containing IP data.
Average IP Density: Average number of domains pointing to each IP in the feed, indicating potential concentration of activity.
Average IP Reputation: Mean reputation score of IPs in the feed, reflecting their trustworthiness.
Average ASN Reputation: Average reputation of ASNs linked to IPs in the feed.
Average Subnet Reputation: Mean reputation of subnets associated with IPs, providing network-level insights.
Top entities
Identify the most prominent entities within the feed for quick prioritization.
Top 10 TLDs: Top-level domains (TLDs) with the highest number of IOFAs in the feed.
Top 10 ASNs: Autonomous System Numbers with the highest IOFA counts.
Top 10 Registrars: Domain registrars associated with the most IOFAs.
Top 10 Nameservers: Nameservers linked to the highest number of IOFAs.
Best practices for using IOFA Feed analytics
Filter and Prioritize: Use Feed Tags and Top Entities to focus on high-risk indicators.
Monitor Trends: Leverage Historical IOFA Count to track changes in threat activity over time.
Export for Analysis: Utilize Available Export Formats to integrate feed data with external tools or workflows.
Cross-Reference Reports: Check the TLP Amber Report for deeper context on specific threats.
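The Top 10 TLDs and Average IP Density definitions above can be reproduced offline from an exported feed, which is useful when checking a feed before pushing it into other tooling. This is an added example, not Silent Push code: the CSV column names (indicator, type, resolved_ip, asn) and the sample rows are constructed assumptions, not the platform's export schema.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. The column names are assumptions for this example,
# not the Silent Push export schema; the hostnames and IPs are made up.
SAMPLE_CSV = """indicator,type,resolved_ip,asn
login-portal.example.top,domain,203.0.113.10,64500
secure-update.example.top,domain,203.0.113.10,64500
billing.example.xyz,domain,203.0.113.10,64500
billing.example.xyz,domain,198.51.100.7,64501
cdn-assets.example.com,domain,198.51.100.7,64501
203.0.113.99,ip,,64502
"""

def load_domain_rows(text):
    """Parse the export and keep only domain indicators with a resolved IP."""
    rows = csv.DictReader(io.StringIO(text))
    return [r for r in rows if r["type"] == "domain" and r["resolved_ip"]]

def top_tlds(rows, n=10):
    """Distinct domains per TLD (last DNS label), highest count first."""
    domains = sorted({r["indicator"].lower().rstrip(".") for r in rows})
    return Counter(d.rsplit(".", 1)[-1] for d in domains).most_common(n)

def domains_by_ip(rows):
    """Map each IP to the set of feed domains that point to it."""
    by_ip = defaultdict(set)
    for r in rows:
        by_ip[r["resolved_ip"]].add(r["indicator"].lower())
    return by_ip

def average_ip_density(rows):
    """Mean number of feed domains pointing to each IP."""
    by_ip = domains_by_ip(rows)
    return sum(len(d) for d in by_ip.values()) / len(by_ip) if by_ip else 0.0

def dense_ips(rows, min_domains):
    """IPs hosting at least min_domains feed domains, for triage priority."""
    by_ip = domains_by_ip(rows)
    return sorted(ip for ip, d in by_ip.items() if len(d) >= min_domains)

if __name__ == "__main__":
    rows = load_domain_rows(SAMPLE_CSV)
    print("Top TLDs:", top_tlds(rows))
    print("Average IP density:", average_ip_density(rows))
    print("IPs with >= 3 feed domains:", dense_ips(rows, 3))
```

The same domain can appear on several rows when it resolves to more than one IP, so both counts work on distinct domains rather than raw rows.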
IOFA Feed use cases
For more information on how customers use IOFA Feeds, refer to the following use cases:
Security Operations Center (SOC) Analysts: Filter and enrich raw threat data so that only the most critical alerts reach the Security Operations Center for real-time monitoring and response.
Threat Analysts (TAs): Curate, tag, and annotate threat indicators to prioritize risks and refine intelligence reports.
Incident Response (IR) Teams: Prepare tailored feeds focusing on specific attack vectors or incidents, providing rapid, actionable insights during an incident.