u/Q-Feeds

Harden your OPNsense set-up with Q-Feeds Threat Intelligence

Hey r/opnsense,

Like many of you, I was relying on a mix of free blocklists to harden my firewall. They do the job to a point, but the quality and freshness of the data vary widely, and most major threat intelligence providers are extremely costly.

That's why we built Q-Feeds, a European CTI feed service providing regularly updated IP, URL and DNS blocklists, built and processed entirely within the EU.

We've built a plugin for OPNsense together with Deciso. This makes the integration straightforward: no manual list management, and the feeds update automatically.

What's in the feeds:

  • Malicious IPs and domains (C2, botnets, scanners, etc.)
  • Phishing and malware domains
  • Dark web and OSINT-derived indicators

I've included a screenshot of our Threat Intelligence Portal to give you a feel for what the data looks like.

There's a free tier if you want to try it out. Feel free to share your experiences!

We are happy to answer any questions about the feeds, the data sources, or any other question you have!

Q-Feeds Threat Intelligence Portal

u/Q-Feeds — 5 days ago
▲ 4 r/PFSENSE+1 crossposts

Phase 1 is live: IOC browser, context, risk scoring & MITRE mapping

A little while ago we shared a preview of what we were building for the Q-Feeds Threat Intelligence Portal. Phase 1 is now live.

This release is focused on giving more visibility into the data behind the feeds instead of just consuming blocklists.

You can now:

  • Browse the full IOC database
  • View IOC history, enrichment data, and relationships
  • See risk scoring to understand relevance/priority
  • Explore MITRE ATT&CK mappings for additional context
  • Investigate indicators that are not included in feeds (e.g. lower confidence)

The idea is to make it easier to validate and investigate instead of blindly blocking.

Please note that this update also introduces a brand new risk-scoring system. But be aware that this risk-scoring system is not used (yet) for our current feeds.

Promo for existing users

If you’ve already used your premium trial, you can test the new functionality for 7 days with this code:

1-WEEK-THREAT-LOOKUP

You can activate this code by clicking on your account name on the top-right and then go to licenses -> activate licenses.

What’s next (subject to change)

  • Phase 2 (in progress): more granular feed filtering/generation (e.g. only C2, exclude TOR, MITRE-based filtering)

Would be great to get feedback from the community:

  • What filtering options would you actually use?
  • Anything missing in the IOC view?

Happy to answer any questions as well.

u/Q-Feeds — 18 days ago

Phase 1 is live: IOC browser, context, risk scoring & MITRE mapping

A little while ago we shared a preview of what we were building for the Q-Feeds Threat Intelligence Portal. Phase 1 is now live.

This release is focused on giving more visibility into the data behind the feeds instead of just consuming blocklists.

You can now:

  • Browse the full IOC database
  • View IOC history, enrichment data, and relationships
  • See risk scoring to understand relevance/priority
  • Explore MITRE ATT&CK mappings for additional context
  • Investigate indicators that are not included in feeds (e.g. lower confidence)

The idea is to make it easier to validate and investigate instead of blindly blocking.

Please note that this update also introduces a brand new risk-scoring system. But be aware that this risk-scoring system is not used (yet) for our current feeds.

Promo for existing users

If you’ve already used your premium trial, you can test the new functionality for 7 days with this code:

1-WEEK-THREAT-LOOKUP

You can activate this code by clicking on your account name on the top-right and then go to licenses -> activate licenses.

What’s next (subject to change)

  • Phase 2 (in progress): more granular feed filtering/generation (e.g. only C2, exclude TOR, MITRE-based filtering)
  • Phase 3: updated OPNsense plugin to support these improvements while keeping it simple

Would be great to get feedback from the community:

  • What filtering options would you actually use?
  • Anything missing in the IOC view?
  • Ideas for improving the OPNsense plugin?

Happy to answer any questions as well.

u/Q-Feeds — 21 days ago