How do you decide who’s entitled to the data you collect?

At Shadowserver, we believe in transparency and work to promote a culture of sharing across the Internet security community. But we aren’t reckless. The data we collect is protected. We make it available on a need-to-know basis, whether you’re an end-user or a national CSIRT.

To ensure that everyone gets only the information that’s relevant to their needs, we use a very strict, simple criterion: network ownership.

We provide secure access to a wide variety of data applicable to the networks you own directly, filtered by CIDR, ASN, TLD, and geo location (for national CSIRTs), based on the report types that you request. You can subscribe to custom reports here.

Other Questions

Can I select/change which reports I subscribe to?

Absolutely! Please send a request to report_admin@shadowserver.org with changes you want to make in your report setup.

Do you support STIX/TAXII?

Currently no. You can use our RESTful API to easily automate the processing of our API report data. You can receive test API data access to our sample reports to build your parsers. Contact us for API key access.

Are there tools that can automatically parse your feeds?

Yes! We have published a report-manager tool on our GitHub page. There are open source and commercial tools that have parsers of our reports, allowing for automation.

A good example of a free open source tool is IntelMQ. We maintain the Shadowserver feed parsers there, so it is most up to date!