Analysing IOFA data
You can expand each IOFA Feed to gather additional intelligence on the domains, IPs and URLs contained within them.
Access IOFA Feed Analytics
- Navigate to
Threat Intelligence Management > IOFA Feeds - Click the
Viewbutton on your chosen feed
Feed Analytics categories
The Feed Analytics screen contextualizes feed data using the following categories:
- Number of IOFAs
- Feed Last Updated
- Available Export Formats
- Linked TLP Amber Report
- Historical IOFA Count
- IOFA Geolocation
- Feed Tags
- Key Indicators for domain feed
- Average Domain Age
- Average IP Diversity (the number of IPs a domain has pointed to over the past 30 days)
- Average ASN Diversity (how frequently an IP changes between AS numbers)
- Average NS Entropy (recency, frequency, and number of name server changes)
- Average NS Reputation
- Key Indicators for IP feed
- Average IP Density (Average density of the IPs in the feed - the density score records the number of domains pointing to an IP)
- Average IP Reputation (Average reputation of the IPs in the feed)
- Average ASN Reputation (Average reputation of the ASNs associated with the IPs in the feed)
- Average Subnet Reputation (Average reputation of the subnets associated with IPs in the feed)
- Top 10 TLDs (TLDs in the feed with the highest number of IOFAs)
- Top 10 ASN (ASNs in the feed with the highest number of IOFAs)
- Top 10 Registrars (Registrars with the highest number of IOFAs)
- Top 10 Nameservers (Nameservers with the highest associated number of IOFAs)