Hello, welcome to the Friday, September 10, 2021 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Well, first of all, I wrote a quick blog post with some of the updates that we made to our APIs, our data feeds.

Pretty much all the data that we present on the shield Internet

Storm Center websites can be retrieved via these APIs. The goal here is to essentially use the data

to augment your log data, as I sometimes put it to add color to your logs.

For example, we just added additional sources to our researcher feed.

That's IP addresses that are scanning the internet for vulnerabilities on behalf of companies or universities and such that are enumerating systems that are listed in open ports

that are affected by known vulnerabilities.

Shodan census are probably the two big ones here, but there are, well, I think now about

two dozens.

And while the list is probably far from complete, it's pretty good estimate of these IP addresses.

Also, very experimental feat of recently registered domains.

That's updated daily, and we'll see how this goes.

It doesn't cover all the top level domains in particular

for some of the country level domains. It's difficult to obtain that data, but should cover

sort of most of the generic top level domains and also some of the traditionals like your dot-coms.

So take a look at the blog post if you're interested or at the documentation for our API.

I need to still improve the documentation a little bit.

Let me know if you run to any problems.

Two requests if you're using this.

...