https://github.com/jblukach/feedwalla
Feedwalla transforms Firewalla block events - specifically Internet Scanner detections - into a clean, Open Source Threat Intelligence feed.
https://github.com/jblukach/feedwalla
aws cdk feed firewalla ipv4 ipv6 msp osint python threat
Last synced: 2 months ago
JSON representation
Feedwalla transforms Firewalla block events - specifically Internet Scanner detections - into a clean, Open Source Threat Intelligence feed.
- Host: GitHub
- URL: https://github.com/jblukach/feedwalla
- Owner: jblukach
- License: apache-2.0
- Created: 2024-09-10T09:18:53.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2026-04-04T10:00:30.000Z (2 months ago)
- Last Synced: 2026-04-04T12:27:50.591Z (2 months ago)
- Topics: aws, cdk, feed, firewalla, ipv4, ipv6, msp, osint, python, threat
- Language: Python
- Homepage: https://lukach.io
- Size: 37.1 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# feedwalla
Feedwalla transforms **[Firewalla](https://firewalla.com)** block events — specifically **Internet Scanner** detections — into a clean, Open Source Threat Intelligence (OSINT) feed. The feed is **released daily at 10:00 AM UTC** as a **GitHub Release**, sourced from the **[Firewalla MSP](https://firewalla.net)** subscription.
---
## ✨ What is Feedwalla?
Feedwalla is an open-source threat intelligence project that publishes **atomic indicators** observed by Firewalla networks. By focusing on **actual firewall blocks** triggered by **internet-wide scanning activity**, Feedwalla provides defenders with timely and practical indicators suitable for automated ingestion.
The goal is simple:
- Turn real firewall blocks into actionable OSINT
- Keep indicators atomic and easy to consume
- Release consistently, predictably, and transparently
---
## 🔌 How to Use
### Manual Download
Download the latest feed directly from the **GitHub Releases** page.
### Automated Ingestion
Feedwalla is designed for easy integration with:
- Firewalls
- SIEM platforms
- SOAR pipelines
- IDS / IPS systems
- Custom scripts
---
## 🎯 Intended Use Cases
- Enrich firewall blocklists
- Correlate scanner activity across environments
- Threat hunting
- Detection engineering
- Security research
---
## ⚠️ Disclaimer
- Indicators are provided **as-is**
- Inclusion does **not guarantee malicious intent**, only observed scanner behavior
- Always validate indicators against your own environment and risk tolerance