What is a threat intelligence dashboard?
A threat intelligence dashboard aggregates multiple live security feeds into a single view, giving analysts an at-a-glance understanding of the current threat landscape. Instead of checking individual feeds one by one, this dashboard pulls from SANS Internet Storm Center (global threat level and top attackers), CISA's Known Exploited Vulnerabilities catalog (confirmed active exploits), and the abuse.ch family of feeds (botnet C2, malware URLs, malicious certificates) in one load.
Key Terminology
- ISC INFOCON
- The Internet Storm Center's threat level indicator. Green means normal activity, yellow indicates noteworthy activity, orange signals significant threat, and red indicates a critical internet-wide emergency. It's the internet's equivalent of a weather alert system.
- CISA KEV
- The Known Exploited Vulnerabilities catalog — a list of CVEs that have been observed being actively exploited in the wild. Federal agencies are required to patch these by specific deadlines, and private organizations should treat these as top priorities.
📊 Internet Threat Dashboard — Frequently Asked Questions
How often is the threat dashboard data updated?
Data is fetched live each time you load the page. ISC SANS INFOCON and attack statistics update multiple times daily. CISA KEV additions happen as new exploited vulnerabilities are confirmed. Feodo botnet data refreshes every few hours.
What does the SANS ISC INFOCON level mean?
INFOCON is a four-level scale — green (normal), yellow (notable increase in threats), orange (significant new threat), and red (severe disruption expected). It reflects the current global internet threat posture as assessed by the SANS Internet Storm Center.