This is a a fundamental need at this point, and I think I've done as much customizing as I can to deal with this. At some point, Cisco need to step up.
I've experimented with a few public ones - abuse.ch, lehigh, phishtank - via hailataxii, but haven't found any so far that provide value beyond what ESA is doing for me.I remain confident, though, and continue to look.
charella, Have you entered those hailataxii values into CTR setup? I've tried those, and variations, and am consistently getting an error. This is as guest/guest or anonymous (no user); with or without a trailing slash on the polling path; etc. Use H...
I'm in initial vetting on them, but you're welcome to take a look as well:
https://otx.alienvault.com/taxii/discovery
https://open.taxiistand.com/services/discovery https://limo.anomali.com/api/v1/taxii/taxii-discovery-service/
