Threat-Intel-Domain-WL

by davidonzo

4 stars
3 forks
1 watcher
Updated about 1 year ago

About

A curated domain whitelist designed to reduce false positives in threat intelligence by filtering legitimate domains from malicious domain lists.

Domain white list applied to https://github.com/davidonzo/Threat-Intel

Primary Use Case

This tool is used by threat intelligence analysts and security teams to filter out legitimate domains that are often misclassified as malicious due to their use in hosting malicious URLs. It integrates with platforms like MISP to improve the accuracy of threat detection by reducing false positives related to domain indicators.

Key Features
  • Curated domain whitelist specifically for OSINT.DigitalSide.IT Threat Intel
  • Helps reduce false positives by excluding legitimate domains from malicious domain lists
  • Integration guidance for use with MISP warning lists
  • Supports community contributions for domain additions/removals
  • Automated script to update the whitelist file and commit changes

Installation

  • Fork the repository
  • Clone the repository to your local machine
  • Edit the OSINT.DigitalSide-Threat-Intel-Domain-WL.txt file to add or remove domains
  • Run the script python3 tools/commitnewversion.py to update the whitelist
  • Push changes to your forked repository
  • Open a pull request to merge changes into the main repository

Usage

python3 tools/commitnewversion.py

Updates the whitelist file and prepares the repository for committing changes after domain edits.

Security Frameworks
  • Reconnaissance
  • Collection
  • Detection
  • Analysis

Usage Insights
  • Integrate the whitelist with MISP to automate false positive reduction in threat intel feeds.
  • Use the whitelist to tune IDS/IPS systems to reduce alert fatigue caused by legitimate domains.
  • Leverage community contributions to keep the whitelist updated with emerging legitimate domains.
  • Combine with threat hunting workflows to focus analyst efforts on true malicious indicators.
  • Automate periodic updates and commits to maintain accuracy and relevance of the whitelist.

Security Profile
  • Red Team: 30%
  • Blue Team: 80%
  • Purple Team: 60%

Details
  • License: MIT License
  • Language: Python
  • Open Issues: 1

Topics
misp
misp-warninglists
osint
threat-intelligence
whitelist