About Kaspersky Threat Data Feeds

Latest update: May 16, 2023 ID: 13849

Cyber threats are constantly growing in frequency and complexity. Criminals use complicated intrusion kill chains, campaigns and customized Tactics, Techniques and Procedures (TTPs) to bypass your security controls and disrupt your business. Kaspersky offers continuously updated Threat Data Feeds to detect malicious activity on your enterprise network.



Threat Intelligence is aggregated from fused, heterogeneous and highly reliable sources such as Kaspersky Security Network (KSN) and our own web crawlers, Botnet Monitoring service (24/7/365 monitoring of botnets, their targets and activities) and spam traps.

We also receive data from research teams, the deep web, partners and other historical data about malicious objects collected by Kaspersky over 2 decades.

All the aggregated data is carefully inspected and refined in real-time using multiple preprocessing techniques, such as statistical criteria, Kaspersky Expert Systems (sandboxes, heuristics engines, similarity tools, behavior profiling etc.), analysts validation and allowlisting verification. As a result, Kaspersky Threat Data Feeds contain thoroughly vetted threat indicator data sourced from the real world, in real time.

For more information about Kaspersky Threat Data Feeds, please download the following leaflet or go to this website.

Watch this video explaining how to improve your company's cyber security with Kaspersky Threat Data Feeds.


What feeds does Kaspersky provide?


What is contained in the feeds?


How often are the feeds updated?


How are the feeds delivered?


What format are the feeds in?


Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.