Actionable IP Threat Intel

ELLIO: IP Threat Intel delivers real-time threat intelligence that helps security teams reduce alert fatigue and speed up triage in TIPs, SIEM & SOAR platforms.

This product is part of the Summer Offer.

Eliminate cybernoise.
Speed up triage.
Focus on serious threats.

Reduce alert fatigue
Cut down number of alerts
Enrich SIEM events
Accelerate triage
Boost teams' performance
Gain critical insight

Data delivery that fits your use-case

Available as an API for your SIEM/SOAR/TIP or as a local database for the most demanding on-premises workloads.

MISP logo. JSON logo. Logstash logo.

MISP Feed

Extended feed

This feed provides detailed information on IP addresses observed in the last 30 days, including ports targeted by an IP. Updated every 60 minutes, it reflects the current threat landscape. Each IP entry includes context on event volume over the past 30 days and the most recent detection by ELLIO's deception network.

Daily feed

This feed provides a list of all IP addresses observed today. Each IP entry includes tags and comments with context on targeted regions, connection volume, and the last time the IP was observed by ELLIO's deception network. Updated every 5 minutes, it ensures you have the most current information for your investigation and incident response.

To try demo samples of the daily and extended feeds in your MISP instance, visit our Demo Space page.

JSON Feed

This powerful feed provides an exhaustive list of all IPs detected by ELLIO's advanced deception network over the past 30 days, delivered in a clear and accessible JSON format. Updated every 5 minutes, this feed ensures you stay ahead of emerging threats with the most up-to-date data available.

Designed to meet the needs of customers managing large volumes of events, this feed is perfect for environments requiring data enrichment, air-gapped systems, and custom workflows. The demand for this high-frequency format has been driven by the critical requirements of government Security Operations Centers and the sensitive workloads of the financial industry.

With detailed information on IPs, contacted ports, targeted regions, and event volume, our IP Threat Intel feed empowers you to automate your workflow with precision.

List of observed IPs in the last 30 days.

Ports targeted by each IP address.

Targeted continents and (optionally) countries.

Volume of connections observed from an IP address.

Last time each IP was observed.

Data included in JSON feed.

API Access

Fingerprints. At your fingertips.

Optional add-on that includes fingerprints for all IPs observed during the last 30 days.

JA3

New!

JA4

New!

JA4+

Arkime UI with JA4 clusters based on ELLIO's data

Summer hot savings you don’t want to miss.

Discover limited-time prices for Summer 2024.

Discover limited-time prices for July 2024.

Check out Summer Offer

Ready to see ELLIO in action?