Build with the
ELLIO platform

Reference docs, integration guides, and video lessons for ELLIO Threat Intelligence and ELLIO Blocklist Automation. Block scanners, mass exploitation, and unwanted reconnaissance - at the edge of your infrastructure.

Build your first blocklist Browse the API reference

Where to start

Pick a path. Each guide is self-contained and ships you a working integration in under thirty minutes.

Threat IntelligenceTech preview

Microsoft Sentinel TAXII

1M+ IP indicators delivered to Sentinel via TAXII 2.1 with rich STIX 2.1 enrichment - kill-chain mapping, MITRE ATT&CK tags, and network fingerprints.

Set up the TAXII feed

Blocklist Automation

Create your first blocklist

Compose a custom External Dynamic List from ELLIO threat feeds, recon lists, business services, and your own rulesets. Deploy to any major firewall in minutes.

Open the quickstart

Integrations

Traefik Middleware Plugin

Native Traefik plugin that fetches your EDL and applies block/allow decisions at the proxy. Works standalone, behind Cloudflare, and with Pangolin.

Install the Traefik plugin

Threat Intelligence

MISP integration

Native MISP feed delivering millions of non-spoofable IP indicators with classification, kill-chain, MITRE ATT&CK, and JA4 fingerprint tagging. Pulled by MISP’s built-in feed-sync.

Set up the MISP feed

Video Library

Watch, then ship

Short video lessons that pair with the written docs. Build a blocklist or wire up Sentinel TAXII without leaving the player.

Browse video tracks

Threat Intelligence

CTI API

Programmatic IP lookups with classification, tags, ASN, geo, fingerprints, and observation history. Single, extended, and bulk endpoints.

Read the CTI API reference

ELLIO PlatformSign in to manage rulesets and EDLs Open source on GitHubPlugins, examples, and integrations

Build with theELLIO platform