Feeds
Why feeds are always of questionable value: the famous 'Pyramid of Pain'.
http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
I think use cases built to alert on feeds can be pretty hit and miss, but this is very useful.
TLS Certificates used by Malware
https://sslbl.abuse.ch/ssl-certificates/
Tor exit IPs
https://check.torproject.org/torbulkexitlist
Curated lists
https://github.com/drb-ra/C2IntelFeeds
The excellent GreyNoise. Is the thing scanning or trying to exploit you specific to you, or is it scanning everyone? It makes those external firewall logs that audit makes you keep interesting and useful.