- Advanced Threat Prevention PlatformAdvanced Threat Prevention Development PlatformPortable Threat ProtectionStop Email Threats that Evade SandboxesTrust your network trafficTrust at the point of entryStorage you can trustTrust endpoint access to cloud applicationsAdvanced Threat Prevention Management
- See the requirements for each OPSWAT Academy certificationStay current on your education and valid on your certifications
- Ensure your security application is enterprise ready.Enhance threat prevention by integrating OPSWAT technologies.Find OPSWAT resellers, or become an OPSWAT channel partner.
- Trusted by over 1,000 organizations worldwide to provide effective cyber security solutionsContact us to speak with a security expert, and see where we’re located around the worldReports to help you stay on top of the latest threats and malware trendsEvents around the world that OPSWAT is attending and sponsoring
- Create and manage tickets with OPSWAT Support, download products and version updates, and view your license informationView product user guides, KB articles, release notes, and featured articlesLearn more about our various Professional Services packagesDon't have premium support? Contact us to set you up with it
Threat Intelligence Feed
Blacklist Malware Threats
OPSWAT's threat intelligence feed enables organizations to leverage real-time malware data collected by the MetaDefender Cloud platform from all around the world. Developers, IT administrators, and organizations can easily integrate our up-to-date malware threat intelligence data into their existing tools or solutions to effectively protect their organization against threats.
Why threat intelligence?
Threat Intelligence starts with the collection of information. Since 2012, OPSWAT has collected malware information from a wide range of sources: free users, customers, our OEM community, and other cybersecurity vendors—such as anti-malware and firewall vendors. The result is a massive online database of malware hashes and malware-related information that can be cross-referenced.
Threat Intelligence helps:
- Organizations know as much as possible about the newest threats, in order to identify, prevent and mitigate them
- Researchers analyze trending malware on the market
- Security products leverage threat intelligence capabilities to harden security measures
The information enables SecOps to see beyond the typical attack lifecycle, adding context and priority to global threats. They can use the information to enhance their current security and risk management infrastructure, by building proactive defenses, prioritizing alerts, and improving incident response. They can qualify threats poised to disrupt their business, based on the attacker’s intent, tools, and tactics.
Getting started
The data feed contains the latest detected malware hash signatures, including MD5, SHA1, and SHA256. Our feed is updated instantly with malware to provide actionable and timely threat intelligence. Data is delivered in JSON format using REST API calls and is configurable using query parameters:
Integration example – consume our threat intelligence feed programmatically:
curl -X GET \
'https://api.metadefender.com/v4/feed/infected/latest?page=1' \
-H 'apikey: ${APIKEY}'
var request = require("request");
var options = { method: 'GET',
url: 'https://api.metadefender.com/v4/feed/infected/latest',
qs: { page: '1'},
headers: {
apikey: process.env.APIKEY
}
};
request(options, function (error, response, body) {
console.log(body);
});
import requests
import os
url = "https://api.metadefender.com/v4/feed/infected/latest"
querystring = {"page":"1"}
headers = {'apikey': os.environ["APIKEY"]}
response = requests.request("GET", url, headers=headers, params=querystring)
print(response.text)
require 'uri'
require 'net/http'
url = URI("https://api.metadefender.com/v4/feed/infected/latest?page=1")
http = Net::HTTP.new(url.host, url.port)
request = Net::HTTP::Get.new(url)
request["apikey"] = ENV['APIKEY']
response = http.request(request)
puts response.read_body
package main
import (
"fmt"
"net/http"
"io/ioutil"
"os"
)
func main() {
url := "https://api.metadefender.com/v4/feed/infected/latest?page=1"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("apikey", os.Getenv("APIKEY") )
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(string(body))
}
$uri = 'https://api.metadefender.com/v4/feed/infected/latest?page=1'
$headers = @{}
$headers.Add('apikey', $env:APIKEY)
$result = Invoke-WebRequest -Uri $uri -Headers $headers -UseBasicParsing
Write-Output $result.content
Available query parameters (all optional):
- page – The page of the feed to be retrieved. You can get 1,000 items per page. If omitted, the first page will be retrieved
- category - only include files of a certain category, like documents or APKs. See the documentation for a full list of categories
- date - the feed can be queried to return hashes from up to 30 days in the past. Defaults to today
We make this information available to free users and clients via the web and APIs. While free users have access to the top 1,000 new malware hash signatures each day, commercial users have access to hundreds of thousands of threats every day. Commercial users can easily integrate our Threat Intelligence technology into existing Security Information and Event Management (SIEM) system. Commercial users can leverage millions of data points from thousands of in-the-wild devices and start consuming our Threat Intelligence feed to efficiently identify and block the latest malware threats.
Our threat intelligence feed is available for all new and existing OPSWAT users and customers. Register for a new OPSWAT Portal account or log in with an existing account to obtain your MetaDefender Cloud API key, which is required to access and download the feeds.
For more developer options, please see the API documentation here.
Expanded commercial version
For full access to hundreds of thousands of threats every day, we offer a commercial version of our threat intelligence feed. It can easily integrate into your existing Security Information and Event Management (SIEM) system.
Leverage millions of data points from thousands of in-the-wild devices, and start consuming our threat intelligence feed to efficiently identify and block the latest malware threats