ELLIO: IP Threat Intel

IP Threat Intel is available in two flavors: Bulk Data Access and API Access.

Bulk Data Access

Bulk data access is an excellent option for demanding cybersecurity teams and clients who, for privacy and security reasons, prefer not to or cannot use API access.

Simply put, bulk data access provides a data feed containing information about all IPs observed by ELLIO's Deception Network in the past 30 days. This data is available in multiple formats to accommodate a variety of use cases.

MISP Feeds

  1. Lightweight MISP Feed

    • This feed is updated every 5 to 15 minutes and contains information about all observed IP addresses during the current day (UTC time). It includes regions targeted by an IP address, volume of events, and last observed time. This feed is designed to be lightweight and fast, making it ideal for SOCs to integrate and correlate with existing data within a MISP instance, providing indicators of generalized targeting rather than specific threats.
    • In this feed, one event represents one day, with all observed IP addresses listed as attributes.
  2. Extended MISP Feed

    • Contains detailed information about all IP addresses observed over the last 30 days. This feed is updated hourly.
    • Each event in this feed represents an IP address. Attributes include the IP address itself, a list of targeted ports, spoofability of each port and the IP address as a whole, targeted regions, and last observed time.
    • The initial import of this feed can take several hours to a day, depending on the specifics of your MISP instance.

JSON Feeds

  1. Master Feed
    • This feed is essentially an array where every object is equivalent to an API response for each IP address observed in the past 30 days.
    • Updated every 5 to 15 minutes, this feed is extremely useful for high-throughput applications, offline access, air-gapped environments, or on-premise API setups.

API Access

API access is tailored for applications such as log enrichment, SOAR automation, and custom application development. This method allows for real-time data access and integration into various security workflows.

Getting Started with API Access

We offer free 14-day trials — just contact us at [email protected] to receive an API key or links for Bulk Data Access. For more extensive needs, we provide paid pilots that include onboarding, integration, and, if necessary, customization of data formats and delivery mechanisms to fit your specific requirements.

You can read more about API access here

We are in the process of migrating documentation to this publicly available instance.

If there is something that you are missing, help us prioritize it and drop us a line at [email protected].

Thank you!