Could I please request some advice from my fellow cybersecurity people? I'm thinking of putting together a public feed of IOCs from public OSINT reporting.

I've already got everything set up, but I'm not sure if this would be considered... a little bit too much of a scraping activity.

Would it be appreciated, or frowned upon?

#Cybersecurity #ThreatIntel

@nopatience appreciated.. what are the sources?

@Cali Sources are "primary", i.e. articles/blog posts by companies like Mandiant, CrowdStrike, CloudSek, Huntress, etc.

There are 351 such sources that I'm pulling from.

I'm not entirely sure about the format either. Because I'm guessing that some would probably prefer to get it machine readable, but others may want to know where a specific IOC came from.

Ideally it should probably be provided in some sort of TAXII/STIX feed thingy.

But I also don't want to make it too complicated. A continuously updated CSV might be alright... or just a JSON populated with new entries.

@nopatience that sounds great tbh.. low “barrier to entry” for smaller orgs as well
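
Added example, not part of the thread: one way to publish the same records both as a flat CSV and as STIX 2.1 indicators while keeping the source article attached to every IOC. The record fields, the `feed.example` namespace and all sample values are assumptions constructed for illustration.

```python
import csv
import io
import json
import uuid

# Constructed sample records: values, vendor name and URLs are placeholders.
SAMPLE = [
    {"type": "domain", "value": "bad.example", "source": "Example Vendor",
     "url": "https://blog.example/report-1", "seen": "2024-01-01T00:00:00.000Z"},
    {"type": "sha256", "value": "0" * 64, "source": "Example Vendor",
     "url": "https://blog.example/report-1", "seen": "2024-01-01T00:00:00.000Z"},
]
FIELDS = ["type", "value", "source", "url", "seen"]
# Feed type -> STIX 2.1 object path used in the indicator pattern.
STIX_PATH = {"domain": "domain-name:value", "ipv4": "ipv4-addr:value",
             "url": "url:value", "sha256": "file:hashes.'SHA-256'"}
FEED_NS = uuid.uuid5(uuid.NAMESPACE_URL, "https://feed.example/")  # hypothetical

def to_csv(records):
    """Flat CSV: one IOC per row, source article kept in its own columns."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()

def to_stix_indicator(rec):
    """One STIX 2.1 Indicator; provenance goes in external_references."""
    if rec["type"] not in STIX_PATH:
        raise ValueError(f"unsupported IOC type: {rec['type']}")
    # Escape backslash and quote so the value cannot break out of the literal.
    value = rec["value"].replace("\\", "\\\\").replace("'", "\\'")
    pattern = f"[{STIX_PATH[rec['type']]} = '{value}']"
    # Deterministic id (a choice of this example) so a re-scrape of the same
    # article yields the same object instead of a duplicate.
    ident = uuid.uuid5(FEED_NS, pattern + rec["url"])
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--{ident}", "created": rec["seen"],
            "modified": rec["seen"], "valid_from": rec["seen"],
            "pattern_type": "stix", "pattern": pattern,
            "external_references": [{"source_name": rec["source"],
                                     "url": rec["url"]}]}

def to_bundle(records):
    """Wrap all indicators in a STIX bundle, ready to serve as JSON."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [to_stix_indicator(r) for r in records]}

if __name__ == "__main__":
    print(to_csv(SAMPLE))
    print(json.dumps(to_bundle(SAMPLE), indent=2))
```
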