Threat Intelligence

Avira’s Threat Intelligence Feeds provide comprehensive, clear and simple to consume intelligence that has a high degree of relevance to security vendors and service providers.

File Reputation Feed

Avira’s  File Reputation Feed contains the key attributes to enable the identification of clean and malware files.

The File Reputation Feed includes reputation data developed on Windows files, Android, binaries and documents. It is delivered every 60 seconds with a delay of no more than 300 seconds ensuring your intelligence is never out of date, and always valid. 

Features

File information includes
Hashes, time stamps, file size, and formats.

Easy to consume
Data is delivered in an easy-to-consume JSON format.

Secure and reliable
Hosted in a secure Amazon S3 service.

Easy integration
Does not require implementation of special code or infrastructure (SDK or API).

Features

File information
Includes the basic data on hashes, timestamps, size, and formats.

Classification intelligence
Identifies the malware and its function.

Static intelligence
Includes the attributes of related certificates, and the association of the file with particular exploits.

Dynamic intelligence
Provides the details of the impact on the file system, registry, network and API calls, injections, and mutexes.

Infection intelligence
Delivers intelligence associated with the attack vectors and procedures used.

Operational intelligence
Developed to provide details on the prevalence and source, and a summary of tactics and procedures.

File Intelligence Feed

Avira’s  File Intelligence Feed contains extensive, detailed, and highly actionable intelligence developed by the Avira Protection Cloud.

The File Intelligence Feed includes intelligence  developed on Windows and Android files, and is delivered every 60 seconds with a delay of no more than 300 seconds helping to ensure your intelligence is always valid.

IP Reputation Feed

The IP addresses that host malware, phishing or botnet traffic change often. These compromised addresses create a problem for security teams who must react quickly but with confidence to a changing threat landscape.

The Avira IP Reputation Feed updates daily to enable security teams to easily identify IP addresses that host suspicious objects. Each IP identified in the reputation feed is delivered with a corresponding reputation value and its associated confidence value.

Features

IP Information
The metadata contained in the IP information includes the timestamp when the IP was first seen by our systems, the timestamp when the reputation was computed, and the associated reputation score and confidence

Score & Confidence Value
For each IP, reputation score and confidence values are provided with a value between 0 and 100.
The higher the reputation score, the more suspicious the activity was observed. The higher the confidence, the more reliable the associated score.

Easy to consume
Data is delivered in an easy-to- consume JSON format

Easy integration
Does not require implementation of special code or infrastructure (SDK or API).

Features

URL information including
Original URL, hashes, timestamps and classification.

Easy to consume
Data is delivered in an easy-to- consume JSON format.

Secure and reliable
Hosted in a secure Amazon S3 service.

Easy integration
Does not require implementation of special code or infrastructure (SDK or API).

Reputation data includes
URL security categories and Phishing.

Web Reputation Feed

Avira’s Web Reputation Feed contains the key attributes to help enable the identification of domains and URLs that contain malicious or potentially malicious content.

The Web Reputation Feed includes reputation data developed on the URL, including hashes, original URL timestamps, and the classification. It is delivered every 60 seconds with a delay of no more than 300 seconds helping to ensure your intelligence always valid.

Domain Categorization Feed

Avira’s Domain Categorization contains security classification and content categorization for the corresponding domains compliant with IAB-1, tiers 1 and 2.

The 400+ content categories provided at a domain or sub-domain level are particularly useful for vendors requiring content intelligence to enable parental control, productivity, or general domain categorization.

Features

Easy integration
Simple and flexible integration options enable you to integrate the latest domain classification and reputation intelligence.

Content categorization
400+ domain or sub-domain categories compliant with IAB-1, tier 1 and tier 2.

Parental control
Categories for parental control, productivity, or general domain categorization include IAB25-3 Adult Content, IAB12-
WS1 Social Networking, or IAB17 Sports.

Easy to consume
Domain categorization data is delivered in an easy-to-consume JSON format.

Features

On-demand threat intelligence
Benefit from Avira’s threat intelligence database developed on the basis of three decades of malware analysis.

Delivered in real-time
Powerful hash evaluation technology and a database of over a billion entries provide immediate comparison with known threats.

Personalized threat intelligence
Option to upload all, or specific file types, and receive the analysis results (malware or clean) within seconds.

Platform agnostic
Accessed using a REST API, architected for both premise-to-cloud and cloud-to-cloud integration. 

Secure and reliable
Delivered from the cloud, it’s highly available, reliable, and scalable.

Direct or cloud-to-cloud access
Flexible implementation makes it quick and easy to get started.

File Reputation API

The File Reputation API provides simple, on-demand access to Avira's threat intelligence. It enables technology partners to submit a file hash for evaluation or upload a file to the Avira Protection Cloud for analysis.

Hash inquiries are evaluated, and a result returned within tens of milliseconds. If the hash is unrecognized, the suspicious file can be sent to the Avira Protection Cloud for full analysis. 

Web Reputation API

Avira’s Web Reputation API offers a real-time, site-specific query approach to identifying malicious URLs and inappropriate internet sites. Delivered as part of Avira’s portfolio of threat intelligence solutions, the API provides an on-demand, usage-based alternative to a threat intelligence feed of web reputation data. It is an ideal solution for Security as a Service applications, firewalls, routers, email and web traffic scanning as well as internet content filtering.

Threat classifications provides information on  whether a site or domain is blacklisted, contains PUAs, or is safe and clean. Content categorization delivers real-time information on the domain compliant with IAB-1, tier 1 and 2.

Features

Threat classification
Includes safe, malware, spam, PUA, phishing and more.

Content categorization
400 categories compliant with IAB-1, tier 1 and tier 2.

Platform agnostic
Accessed using a REST API, architected for both premise-to-cloud and cloud-to-cloud integration.

Real-time response
Typically within 10ms.

Features

Threat intelligence reports
The Cloud Sandbox API will deliver an unparalleled level of detail in terms of malware analysis and intelligence.

Highly scalable
Scale malware analysis without impacting internal systems or
having to purchase additional hardware.

On-demand
On-demand malware analysis service via a REST API.

Platform agnostic
No local infrastructure, easy to integrate.

Cloud Sandbox API

The Avira Cloud Sandbox API enables security vendors and service providers to submit files and receive detailed threat intelligence reports containing a complete threat assessment.

It is the security industry's most powerful and scalable malware analysis service. The Avira Cloud Sandbox utilizes the most advanced file analysis, deep inspection and award-winning dynamic detonation technologies to develop detailed threat intelligence.

Let's have a chat about how we can offer you a tailored solution...

Enhance your own threat intelligence with Avira's unique, comprehensive, and easy-to-consume cyber-threat feeds. Contact your local integration team now:

Contact us