The full stack of cyber intelligence.
Every source Baz relies on — official advisories, CVE catalogues, primary research, frameworks, hardened tooling and open IOC feeds. Curated and kept current.
Threat Intel
15CISA Known Exploited Vulnerabilities
↗Authoritative catalog of CVEs known to be exploited in the wild. Mandatory patching baseline for US federal agencies.
CISA Cybersecurity Advisories
↗Advisories, alerts, and ICS security notices from CISA.
NVD — National Vulnerability Database
↗US government CVE repository with CVSS scoring and CPE mapping.
MITRE ATT&CK
↗Globally-accessible knowledge base of adversary tactics and techniques.
MITRE CWE
↗Community-developed list of software and hardware weakness types.
MITRE CAPEC
↗Common Attack Pattern Enumeration and Classification.
MS-ISAC
↗Multi-State ISAC advisories for US SLTT governments.
ENISA
↗EU Agency for Cybersecurity — threat landscape reports and guidance.
CERT-EU
↗Computer Emergency Response Team for the EU institutions.
NCSC UK
↗UK National Cyber Security Centre — advisories and guidance.
ACSC (Cyber.gov.au)
↗Australian Cyber Security Centre advisories and alerts.
Canadian Centre for Cyber Security
↗Canada's national cybersecurity authority.
JPCERT/CC
↗Japan Computer Emergency Response Team Coordination Center.
CERT.br
↗Brazilian national CERT.
SANS Internet Storm Center
↗Daily diaries from a global network of incident handlers.
Vendor Advisories
18Microsoft MSRC
↗Microsoft Security Response Center — security updates and advisories.
Cisco PSIRT
↗Cisco Product Security Incident Response Team advisories.
Palo Alto Networks Security Advisories
↗PSIRT advisories for Palo Alto products.
Fortinet PSIRT
↗Fortinet FortiGuard PSIRT advisories.
Ivanti Security Advisories
↗Ivanti product security advisories.
Citrix Security Bulletins
↗Citrix security bulletins and advisories.
Broadcom/VMware Security
↗VMware / Broadcom security advisories.
Adobe PSIRT
↗Adobe product security bulletins.
Oracle Critical Patch Updates
↗Quarterly critical patch updates from Oracle.
Apple Security Releases
↗Apple platform security updates.
Android Security Bulletins
↗Monthly Android security bulletins.
Chrome Releases (Security)
↗Google Chrome security updates.
Ubuntu Security Notices
↗USN advisories for Ubuntu packages.
Red Hat Security Advisories
↗RHSA advisories for Red Hat products.
Debian Security Advisories
↗DSA advisories for Debian.
GitHub Advisory Database
↗Security advisories for open source packages.
OSV.dev
↗Open source vulnerability database aggregating multiple ecosystems.
Exploit-DB
↗Offensive Security's archive of public exploits and PoCs.
News
15Krebs on Security
↗Investigative cybersecurity journalism by Brian Krebs.
BleepingComputer
↗Breaking cybersecurity news and technical write-ups.
The Record by Recorded Future
↗Independent cybersecurity news from Recorded Future.
Dark Reading
↗Enterprise cybersecurity news, analysis and features.
The Hacker News
↗Cybersecurity news and threat intelligence updates.
SecurityWeek
↗Cybersecurity news, insights and analysis.
CyberScoop
↗Cybersecurity news for enterprise and government.
Risky Business
↗Long-running cybersecurity podcast and newsletter.
Infosecurity Magazine
↗Global cybersecurity industry news.
Ars Technica — Security
↗In-depth security coverage from Ars Technica.
WIRED — Security
↗WIRED cybersecurity reporting.
404 Media
↗Independent technology and cybersecurity reporting.
Graham Cluley
↗Independent cybersecurity commentary and podcast.
Help Net Security
↗Daily cybersecurity news.
Schneier on Security
↗Commentary on security and cryptography by Bruce Schneier.
Research
19Mandiant Blog
↗Threat research and incident response insights from Mandiant.
Palo Alto Unit 42
↗Threat research from Palo Alto Networks.
Cisco Talos Intelligence
↗Threat research and detection content from Cisco Talos.
Google Threat Analysis Group (TAG)
↗APT and nation-state threat research from Google.
Microsoft Threat Intelligence
↗Threat intelligence from Microsoft security teams.
CrowdStrike Blog
↗Threat research and eCrime reporting from CrowdStrike.
Sophos X-Ops
↗Sophos threat research and IR write-ups.
ESET WeLiveSecurity
↗ESET malware and threat research.
Kaspersky Securelist
↗Kaspersky APT and malware research.
Trend Micro Research
↗Threat research from Trend Micro.
Check Point Research
↗CPR threat research and CVE analysis.
SentinelOne Labs
↗SentinelLabs threat research.
Rapid7 Blog
↗Vulnerability disclosures and detection engineering from Rapid7.
Huntress Blog
↗MDR threat research from Huntress.
Volexity Blog
↗APT research and memory forensics from Volexity.
Google Project Zero
↗Zero-day vulnerability research from Google.
Citizen Lab
↗Research on digital rights, spyware, and targeted threats.
Amnesty Security Lab
↗Investigations into commercial spyware and targeted attacks.
Trail of Bits Blog
↗Applied security research and audits.
Frameworks
8NIST Cybersecurity Framework 2.0
↗Voluntary risk-based framework organized around Govern/Identify/Protect/Detect/Respond/Recover.
CIS Controls v8
↗Prioritized set of actions to defend against common attacks.
OWASP Top 10
↗Awareness document for web application security risks.
OWASP SAMM
↗Software Assurance Maturity Model.
OWASP Cheat Sheets
↗Concise application security guidance.
MITRE D3FEND
↗Countermeasure knowledge graph.
MITRE Engage
↗Framework for adversary engagement operations.
CSA Cloud Controls Matrix
↗Cybersecurity control framework for cloud computing.
Standards
12NIST SP 800-53
↗Security and privacy controls for federal information systems.
NIST SP 800-171
↗Protecting Controlled Unclassified Information in non-federal systems.
NIST SSDF (SP 800-218)
↗Secure Software Development Framework.
ISO/IEC 27001
↗International standard for information security management systems.
ISO/IEC 27002
↗Code of practice for information security controls.
ISO/IEC 27005
↗Information security risk management guidance.
CIS Benchmarks
↗Configuration guidelines for hardening systems.
OWASP ASVS
↗Application Security Verification Standard.
PCI DSS 4.0
↗Payment Card Industry Data Security Standard.
SOC 2
↗AICPA Trust Services Criteria for service organizations.
CMMC
↗Cybersecurity Maturity Model Certification for the US DIB.
IEC 62443
↗Industrial automation and control systems security standards.
Regulatory
7HIPAA Security Rule
↗US healthcare data protection requirements.
GDPR
↗EU General Data Protection Regulation.
EU DORA
↗Digital Operational Resilience Act for EU financial entities.
EU NIS2 Directive
↗Network and Information Security directive for EU essential and important entities.
EU AI Act
↗European regulation on artificial intelligence.
CCPA / CPRA
↗California Consumer Privacy Act.
FedRAMP
↗US Federal cloud authorization program.
Tools
22Atomic Red Team
↗Small, portable tests mapped to MITRE ATT&CK.
MITRE CALDERA
↗Automated adversary emulation platform.
Velociraptor
↗Endpoint monitoring, digital forensics and cyber response.
KAPE
↗Kroll Artifact Parser and Extractor for forensics triage.
Autopsy
↗Open-source digital forensics platform.
TheHive
↗Scalable open-source security incident response platform.
MISP
↗Open source threat intelligence sharing platform.
OpenCTI
↗Open cyber threat intelligence platform.
Wazuh
↗Open source SIEM/XDR platform.
Suricata / ET Open
↗Open source IDS/IPS with Emerging Threats rules.
Zeek
↗Powerful network analysis framework.
Nuclei Templates
↗Fast community-powered vulnerability scanner.
Trivy
↗Comprehensive vulnerability scanner for containers, IaC and code.
Grype
↗Vulnerability scanner for container images and filesystems.
Semgrep Rules
↗Static analysis rule set from Semgrep community.
Kubescape
↗Kubernetes posture management.
Falco
↗Cloud-native runtime security.
Prowler
↗Cloud security assessment tool (AWS/Azure/GCP/K8s).
ScoutSuite
↗Multi-cloud security auditing tool.
kube-bench
↗CIS Kubernetes Benchmark checker.
Gitleaks
↗Detect secrets in git repos.
TruffleHog
↗Find and verify leaked credentials.
Rule Repos
4Sigma Rules
↗Generic signature format for SIEM detections.
YARA Rules (Neo23x0)
↗Curated YARA rule repository by Florian Roth.
Elastic Detection Rules
↗Prebuilt detection rules for Elastic Security.
Splunk Security Content
↗Splunk's open detection content and analytic stories.
Playbooks
3IOC Feeds
10URLhaus (abuse.ch)
↗Malware distribution URL feed.
ThreatFox (abuse.ch)
↗IOC sharing platform.
MalwareBazaar (abuse.ch)
↗Malware sample sharing.
Feodo Tracker (abuse.ch)
↗Emotet/Dridex/TrickBot C2 tracker.
AlienVault OTX
↗Open Threat Exchange community intel.
Spamhaus DROP
↗Don't Route Or Peer IP blocklists.
Emerging Threats Open
↗Open ruleset and blocklists.
PhishTank
↗Community phishing URL database.
OpenPhish
↗Phishing intelligence feeds.
CINS Army List
↗Sentinel IPS reputation list.
Missing a source you rely on? Set up an alerting rule and we'll factor it in.
