ELLIO Documentation
Guides and reference for putting ELLIO threat intelligence and automated blocklists to work in your firewalls, SIEM, and pipelines.
Popular guides
Blocklist AutomationCreate your first blocklistCompose an EDL from threat feeds and your own rules, then deploy it to a firewall.Threat Intelligence NewGoogle SecOps integrationIngest ELLIO indicators into SIEM and enrich SOAR cases with IP verdicts.Threat IntelligenceMISP feedMillions of non-spoofable IP indicators via MISP’s built-in feed sync.IntegrationsTraefik middlewareFetch your EDL and apply block or allow decisions at the proxy.Threat Intelligence Tech previewMicrosoft Sentinel TAXIIStream STIX 2.1 indicators into Sentinel over TAXII 2.1.Threat IntelligenceSearch syntaxQuery the IP catalogue by classification, tags, ports, and fingerprints.