AIARCOASC Docs

Threat Intel

Signed indicator manifests (IPs, domains, hashes) pushed every 5 minutes. Use them in WAF, microseg, EDR or your own SIEM.

What it is

Threat Intel produces signed manifests of known-bad indicators (IPs, domains, JA3, file hashes, ASN, certificate fingerprints). Subscribe via API, webhook or feed; verify the Ed25519 signature; consume in the WAF, in your microseg policies, or in your own SIEM/EDR.

When to use it

  • Feed your SIEM with curated bad-actor intel.
  • Drop traffic from known-malicious infrastructure in the WAF.
  • Trigger an alert when a host phones home to a known C2.

Quickstart

asc shield threat-intel feeds list
asc shield threat-intel pull --feed malware-c2 --since -15m
client.shield.threat_intel.pull(feed='malware-c2', since='-15m')
await client.shield.threatIntel.pull({ feed: 'malware-c2', since: '-15m' });

Limits & quotas

LimitDefaultBurstNotes
Update cadence5 min
Feedsmalware-c2, phishing, scanners, residential-vpn, leaked-tokens, …
SignatureEd25519 manifestPublic key published

Pricing

See pricing. Pay-as-you-go, billed monthly via Stripe.

API surface

  • GET /v1/shield/threat-intel/feeds/{feed}

Required scope(s): shield:read. See Scopes.

Security

All access is authenticated and scoped. See Auth & scopes and Network controls.