View CSV Feeds

  • Release version: Australia
  • Updated April 28, 2026
  • 1 minute to read

    • View configured CSV feeds to monitor data import sources and their current status. Use this to verify feed configurations and troubleshoot import issues.

    Before you begin

    Role required: sn_sec_tisc.admin

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Select the Integrations icon.
    3. Select CSV.
      The CSV feeds within the base system are explained in the following table.
      ThreatFeed Description URL
      PhishStats Phishing URLs from the past 30 days from PhishStats. https://phishstats.info/phish_score.csv
      Abuse.ch SSL Certificate Denylist The SSL Certificate Denylist (CSV) is a CSV that contains SHA1 Fingerprint of all SSL certificates denied on SSLBL. https://sslbl.abuse.ch/blacklist/sslblacklist.csv
      Botnet C2 IP Denylist An SSL certificate can be associated with one or more servers (IP address:port combination). SSLBL collects IP addresses that are running with an SSL certificate denied on SSLBL. These are usually botnet Command&Control servers (C&C). SSLBL publishes a denylist containing these IPs to detect botnet C2 traffic from infected machines. https://sslbl.abuse.ch/blacklist/sslipblacklist.csv
      Phishtank online NA https://data.phishtank.com/data/online-valid.csv
    4. Select Edit to edit the feed and make necessary updates.
    5. Select Save to apply the changes.