A curated domain whitelist designed to reduce false positives in threat intelligence by filtering legitimate domains from malicious domain lists.
Domain whitelist applied to https://github.com/davidonzo/Threat-Intel.
This tool is used by threat intelligence analysts and security teams to filter out legitimate domains that are often misclassified as malicious due to their use in hosting malicious URLs. It integrates with platforms like MISP to improve the accuracy of threat detection by reducing false positives related to domain indicators.
This whitelist is intended to be used alongside the OSINT.DigitalSide.IT Threat Intel project and MISP platform to reduce false positives in domain-based threat detection. Users should regularly update the whitelist and contribute to its maintenance to keep it effective. When a whitelisted domain is found hosting malicious URLs, the domain is omitted from the malicious domain list but the URLs are still tracked separately.
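The filtering behaviour described above, as an added example that is not code from the project. It assumes a whitelist file with one domain per line, '#' comment lines and exact host matching; the function names and all sample data are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data (not taken from the project's lists).
WHITELIST_TEXT = """\
# comment line (assumed to be ignorable)
files.example.com
cdn.example.net
"""

MALICIOUS_URLS = [
    "http://files.example.com/u/123/invoice.exe",
    "http://bad-host.example.org/gate.php",
    "https://CDN.example.net:8443/a/b.js",
    "http://sub.files.example.com/x.bin",
]


def load_whitelist(text):
    """Parse one domain per line; skip blanks and '#' comments (assumed format)."""
    entries = set()
    for line in text.splitlines():
        line = line.strip().lower().rstrip(".")
        if line and not line.startswith("#"):
            entries.add(line)
    return entries


def build_indicator_lists(urls, whitelist):
    """Return (url_indicators, domain_indicators, suppressed_domains).

    Every URL is kept. A host becomes a domain indicator only when it is not
    an exact match for a whitelist entry (exact matching is an assumption).
    """
    domains, suppressed = set(), set()
    for url in urls:
        # urlsplit().hostname lowercases the host and drops the port.
        host = (urlsplit(url).hostname or "").rstrip(".")
        if not host:
            continue
        (suppressed if host in whitelist else domains).add(host)
    return list(urls), sorted(domains), sorted(suppressed)


if __name__ == "__main__":
    wl = load_whitelist(WHITELIST_TEXT)
    url_iocs, domain_iocs, skipped = build_indicator_lists(MALICIOUS_URLS, wl)
    print("URL indicators:   ", url_iocs)
    print("Domain indicators:", domain_iocs)
    print("Whitelisted hosts:", skipped)
```

Under exact matching, a subdomain of a whitelisted host still becomes a domain indicator, so the matching rule decides how much the whitelist suppresses.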
1. Fork the repository.
2. Clone the repository to your local machine.
3. Edit the OSINT.DigitalSide-Threat-Intel-Domain-WL.txt file to add or remove domains.
4. Run python3 tools/commitnewversion.py to update the whitelist.
5. Push changes to your forked repository.
6. Open a pull request to merge changes into the main repository.
python3 tools/commitnewversion.py
Updates the whitelist file and prepares the repository for committing changes after domain edits.