Maltiverse Datasets

Maltiverse processes threat intelligence from multiple sources and classifies it so it can be easily consumed and understood. Each Indicator of Compromise (IoC) is run through the Maltiverse Algorithm and categorized not only by its type, but also by the level of risk associated with it. This approach allows security teams to quickly distinguish between highly risky IoCs and non-threatening IoCs, ensuring threat data is both actionable and reliable.

IoC Types

There are four types of IoC in the Maltiverse dataset:


An IP address, or Internet Protocol address, is a series of numbers that identifies a device on a network. In this use case, Maltiverse stores only information related to public IP addresses.

A hostname is a label assigned to a device connected to a computer network and used to uniquely identify that device. Internet hostnames may have the name of a Domain Name System (DNS) domain appended, separated from the host-specific label by a period (“dot”). In the latter form, a hostname is also called a domain name.


A Uniform Resource Locator (URL), colloquially called a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.

A computer file sample is a computer resource for recording data on a computer storage device, uniquely identified by its SHA256 hash.

IoC Classification

The Maltiverse data model classifies IoCs into four possible categories. It takes hundreds of conditions into consideration to provide a precise classification for an IoC at a specific point in time. This classification is recalculated periodically (every hour), so an IoC can be downgraded, for example, from malicious to suspicious if the malicious activities have ceased for a specific period of time.

The four different values for the classification field are:

| Classification Value | Description |
|---|---|
| Malicious | The IoC is currently involved in malicious activities and is considered to be harmful. |
| Suspicious | The IoC has been involved in malicious activities in the past and there is a chance that this activity has not ceased. |
| Neutral | There is no information related to the IoC that could determine if it is good or bad. |
| Whitelist | The IoC is considered to be safe and will remain so despite new incoming malicious classifications. |
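
One way a consumer of this data could apply the four IoC types and the classification values above, as an added example that is not Maltiverse code: it sorts a raw indicator into a type and maps a cached classification to a local action. The function names, the block/alert/allow/refresh/ignore actions and the sample values are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Assumed local policy (not defined by Maltiverse): action per classification.
ACTIONS = {"malicious": "block", "suspicious": "alert", "neutral": "allow"}
MAX_AGE = timedelta(hours=1)  # classifications are recalculated every hour


def ioc_type(value):
    """Return 'ip', 'hostname', 'url' or 'sample'; None if it fits no type."""
    value = value.strip()
    if SHA256_RE.match(value):
        return "sample"  # file samples are identified by SHA256
    try:
        # Only public addresses are stored, so private/reserved ones are rejected.
        return "ip" if ipaddress.ip_address(value).is_global else None
    except ValueError:
        pass
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed bracketed IPv6 host
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return "url"
    labels = value.rstrip(".").split(".")
    if (len(labels) >= 2 and len(value) <= 253 and not labels[-1].isdigit()
            and all(LABEL_RE.match(label) for label in labels)):
        return "hostname"
    return None


def decide(value, classification, classified_at, now):
    """Map one cached verdict to an action for a local control."""
    if ioc_type(value) is None:
        return "ignore"
    if classification == "whitelist":
        return "allow"  # stays safe despite new malicious reports
    if classification not in ACTIONS or now - classified_at > MAX_AGE:
        return "refresh"  # verdict may have been downgraded since it was cached
    return ACTIONS[classification]


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    print(decide("bad.example", "malicious", now - timedelta(hours=3), now))
```

A verdict older than the hourly recalculation window is re-queried rather than enforced, so an indicator that has since been downgraded from malicious to suspicious is not blocked on stale data.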
