CriticalPathSecurity/Zeek-Intelligence-Feeds
GitHub: CriticalPathSecurity/Zeek-Intelligence-Feeds
A set of pre-formatted Zeek threat-intelligence feeds that aggregates multiple public IOC sources, enabling real-time matching and alerting on malicious indicators in network traffic.
Stars: 385 | Forks: 49
# Zeek Intelligence Threat Feed w/ Combined Indicators

This is a public feed built from open-source threat-intelligence feeds and data collected by CRITICAL PATH SECURITY.

The feed will be updated as frequently as possible.

## Getting Started

These instructions will get you a copy of the project up and running.

### Prerequisites

* ZEEK 3.0 or later

### Installation

Install the Zeek dependencies

```
sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
```

Clone the repository to `/opt`

```
cd /opt
git clone --recursive https://github.com/zeek/zeek
```

Install Zeek (from inside the cloned source tree)

```
cd /opt/zeek
./configure && make && sudo make install
```

## Install the Threat Intelligence Feeds

Clone the repository to `/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds`

```
cd /opt
git clone https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds.git /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds
echo "@load Zeek-Intelligence-Feeds" >> /usr/local/zeek/share/zeek/site/local.zeek
```

## Usage

Navigate to `/usr/local/zeek/bin/`

```
./zeekctl deploy
```

### Scheduled Updates

Updates can be performed with a simple bash script. An example follows.

```
vi /opt/zeek_update.sh
```

Add the following:

```
#!/bin/sh
# Stop if the feed directory is missing, so the reset below never runs in the wrong repository
cd /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds || exit 1
git fetch origin master
git reset --hard FETCH_HEAD
git clean -df
```

Make the script executable.

```
chmod +x /opt/zeek_update.sh
```

Add the following cron entry for 24-hour updates (as written, the entry runs the script every hour at five minutes past).

```
5 * * * * sh /opt/zeek_update.sh >/dev/null 2>&1
```

Logs are written to:

```
/usr/local/zeek/logs/current/intel.log
```

Sources:

| Filename | Provider | Homepage | List URL | License/TOU |
|-----------|-----------|----------------------------------|--------------------------------|----------------------------------|
| Amnesty_NSO_Domains.intel | Amnesty NSO Domains | https://github.com/AmnestyTech/investigations | https://github.com/AmnestyTech/investigations/tree/master/2021-07-18_nso | Not Defined |
| abuse-ch-ipblocklist.intel | Abuse.CH Blacklist | https://sslbl.abuse.ch/blacklist/ | https://sslbl.abuse.ch/blacklist/ | https://sslbl.abuse.ch/blacklist/ |
| abuse-ch-malware.intel | Abuse.CH Malware | https://bazaar.abuse.ch/ | https://bazaar.abuse.ch/ | https://bazaar.abuse.ch/ |
| abuse-ch-threatfox-ip.intel | Abuse.CH ThreatFox | https://threatfox.abuse.ch/ | https://threatfox.abuse.ch/ | https://threatfox.abuse.ch/ |
| abuse-ch-urlhaus.intel | Abuse.CH URLHaus | https://urlhaus.abuse.ch/ | https://urlhaus.abuse.ch/ | https://urlhaus.abuse.ch/ |
| alienvault.intel | AlienVault | https://www.alienvault.com/ | http://reputation.alienvault.com/reputation.data | https://otx.alienvault.com/ |
| binarydefense.intel | Binary Defense | https://www.binarydefense.com/ | https://www.binarydefense.com/banlist.txt | https://www.binarydefense.com/ |
| censys.intel | Censys | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| cobaltstrike_ips.intel | CobaltStrike IP | https://threatview.io/ | https://threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt | https://threatview.io/ |
| compromised-ips.intel | Emerging Threats | https://rules.emergingthreats.net/ | https://rules.emergingthreats.net/blockrules/compromised-ips.txt | https://rules.emergingthreats.net/OPEN_download_instructions.html |
| cps-collected-iocs.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| cps_cobaltstrike_domain.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| cps_cobaltstrike_ip.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| ellio.intel | Ellio Tech | https://www.ellio.tech | https://www.ellio.tech | https://www.ellio.tech |
| fangxiao.intel | Cyjax | https://www.cyjax.com/ | https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt | https://www.cyjax.com/2022/11/14/fangxiao-a-chinese-threat-actor/ |
| filetransferportals.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| illuminate.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| inversion.intel | Google / Inversion | https://github.com/elliotwutingfeng/Inversion-DNSBL-Blocklists | Github | https://github.com/elliotwutingfeng/Inversion-DNSBL-Blocklists/blob/main/LICENSE |
| lockbit_ip.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| log4j_ip.intel | Multiple Sources | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| openphish.intel | OpenPhish | https://openphish.com | https://openphish.com/feed.txt | https://openphish.com/terms.html |
| predict_intel.intel | Georgia Tech Research Institute (GTRI) | https://www.gatech.edu/ | https://www.gatech.edu/ | https://www.gatech.edu/ |
| ragnar.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| sans.intel | SANS | https://isc.sans.edu/ | https://isc.sans.edu/api/intelfeed | https://isc.sans.edu/data/threatfeed.html |
| scumbots.intel | ScumBots | None | None | Permission given by Paul Melson - Free Usage |
| stalkerware.intel | Critical Path Security | https://www.criticalpathsecurity.com/ | Github | https://www.criticalpathsecurity.com/ |
| tor-exit.intel | Tor Project | https://www.torproject.org/ | https://check.torproject.org/exit-addresses | https://www.torproject.org/ |

Tue Mar 3 07:25:22 UTC 2026

Tags: Bro, DNS resolution, Rootkit, Zeek, Zeek scripts, beacons, kernel mode, threat intelligence, developer tools, open-source projects, malicious IPs, malicious domains, indicators, data feeds, network security, network traffic analysis, privacy protection
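The update script above resets the feed directory to whatever the remote holds, and Zeek only notices a malformed `.intel` row when it tries to read it. As an added example that is not part of this repository, the Python checker below validates feed files in the Zeek Intel Framework's tab-separated `#fields` layout before deployment; the embedded sample feed is constructed, not taken from any of the listed sources.

```python
# Added example (not from the repository): sanity-check *.intel feed files.
import ipaddress, re

# Indicator types defined by Zeek's Intel framework (Intel::Type).
INDICATOR_TYPES = {"Intel::ADDR", "Intel::SUBNET", "Intel::URL", "Intel::DOMAIN",
                   "Intel::EMAIL", "Intel::SOFTWARE", "Intel::USER_NAME", "Intel::FILE_NAME",
                   "Intel::FILE_HASH", "Intel::CERT_HASH", "Intel::PUBKEY_HASH"}
REQUIRED_FIELDS = ("indicator", "indicator_type", "meta.source")
DOMAIN_RE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$")

def check_indicator(indicator, itype):
    # Value must parse as its declared type; returns None when it does.
    try:
        if itype == "Intel::ADDR":
            ipaddress.ip_address(indicator)
        elif itype == "Intel::SUBNET":
            ipaddress.ip_network(indicator, strict=False)
        elif itype == "Intel::DOMAIN" and not DOMAIN_RE.match(indicator):
            return f"malformed domain {indicator!r}"
    except ValueError:
        return f"{itype} value {indicator!r} does not parse"

def validate_feed(text):
    # Walk one feed file; return a list of (line_no, error) for every bad line.
    errors, fields = [], None
    for no, line in enumerate(text.splitlines(), start=1):
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names, in order
            errors += [(no, f"header lacks {f}") for f in REQUIRED_FIELDS if f not in fields]
        elif not line.strip() or line.startswith("#"):
            continue  # blank lines and other '#' lines carry no indicators
        elif fields is None:
            errors.append((no, "data before #fields header"))
        elif len(cols := line.split("\t")) != len(fields):  # tabs only; '-' marks an empty field
            errors.append((no, f"{len(cols)} columns, header has {len(fields)}"))
        else:
            row = dict(zip(fields, cols))
            if row["indicator_type"] not in INDICATOR_TYPES:
                errors.append((no, f"unknown type {row['indicator_type']}"))
            elif err := check_indicator(row["indicator"], row["indicator_type"]):
                errors.append((no, err))
    return errors

SAMPLE_FEED = "\n".join([  # constructed sample, not a repository feed: 2 good rows, 3 faulty
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url",
    "198.51.100.7\tIntel::ADDR\texample-feed\t-\t-",
    "bad.example\tIntel::DOMAIN\texample-feed\t-\t-",
    "198.51.100.999\tIntel::ADDR\texample-feed\t-\t-",    # not an address
    "10.0.0.1 Intel::ADDR example-feed - -",              # spaces, not tabs
    "evil.example\tIntel::HOSTNAME\texample-feed\t-\t-",  # unknown type
])
```

Running `validate_feed` over every `*.intel` file in the feed directory before `zeekctl deploy` (or at the end of the update script) surfaces these defects without involving Zeek.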