What information do you include in your reports?

We share most of the data that we collect each day, filtered by ASN, CIDR, Country Code, or TLD (all levels). You can only get reports for your own network ranges or constituency, not our entire dataset. We offer over 100 different report types; you can subscribe to any or all of them. Our data is actionable and includes at minimum, the IPs, timestamps, and other incident meta-data necessary to act on the issue reported. The information shared can come from scans, sinkholes, honeypots, darknets, sandboxes,  blocklists and many other sources. This translates to information about your exposed attack surface as well as victim notifications (information for example on infections in your network).

Each custom report contains filtered data on the activity that we were able to monitor within the last 24 hours (or, for C&Cs, seven days). If we haven’t detected any activity relevant to your subscription during that period, we won’t send the report for that day. Please note that the filtering means that you get reports for your own network only.

Other Questions