Download Arctic Wolf IoC lists

Arctic Wolf® maintains comprehensive Indicators of Compromise (IoCs) lists based on ongoing threat intelligence research. You can use this information to augment or enhance your cybersecurity infrastructure, such as adding suspicious IP addresses to a firewall denylist or annotations for IoCs in a cybersecurity system.

These lists are available as downloadable TXT files:
  • Suspicious IP addresses
  • Suspicious domains
  • Suspicious URLs
  • Suspicious file hashes

To automatically sync these lists with your firewall, use the Blocklist API. For more information, see Threat intelligence feed.

These resources are required:

  • A Threat Intelligence Plus subscription

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Threat Intelligence > IoC Blocklists.
  3. In the Actions column, click Download.