We are planning a couple of updates to the ways data can be retrieved automatically from this site. The main reason for this is to make it easier for us to maintain and support some of these features. The main idea will be that we focus automatic data retrieval to our API (isc.sans.edu/api or dshield.org/api). It should be the only place that is used to have scripts retrieve data.
In the past, we had a couple of other pages that supported automatic data retrieval. For example, ipinfo_ascii.html . These pages will be phased out. We will first remove links to these pages and no longer "advertise" them. Secondly, the pages will be rate limited to only a few requests per hour. Finally, we will remove the pages. We may also do stricter filtering on user agents and other browser fingerprints to pages other than the API.
Sometime this year, we may also add a simple authentication to the API. We do not care who downloads our data, but it can be handy to be able to reach a user that is causing problems. It is helpful if you add contact information (e.g. an e-mail address) to your user agent. I will write up another diary once we defined the authentication mechanism. But we do expect to keep it simple (e.g. a static "authentication key" or a hash of an authentication key with a nonce) and we will still allow unauthenticated requests at a slower rate.
All our data is free to use for "non-commercial" use, meaning as long as you do not re-sell it. You can use the data for free to help you protect your company network. Also please understand that the data is provided "as is". It is, in my opinion, best used to provide context to your data, and should not be used as a simple blocklist.
In exchange for using our data, we hope that you help us make the data better by contributing your data.Intrusion Detection In-Depth - SANS Boston Summer 2019
Jan 6th 2016
3 years ago