In this blog's employees can post research and thoughts. This is done with least possible oversight, so opinions in blogposts are not necessary opinions of

Alternatively you can receive's blog as a feed.

Apr 07

Flexible taxonomies and new software for the tag2domain project

Domain Names are the center piece of locating services on the internet and they can be used for a variety of purposes and services. Understanding the type of services a Domain Name offers is one of the key aspects of Internet Security. In another post last year we already introduced tag2domain, our tagging / labelling framework for domain names that helps us to better understand this landscape of services and software.

Written by: Clemens Moritz

Mar 26

IntelMQ bug fix release 2.3.1

This IntelMQ version did not gain any major features and is a sole product maintenance release. It covers various minor error corrections in the IntelMQ software, and usability enhancements for the new API. We thank all contributors who participated in this release!

Written by: Sebastian Wagner

Mar 16

NIS2 Proposal: First feedback on the normative text

The first draft for the new NIS directive is a mixed bag: some points are very welcome, but a few things need to be changed.

This are my first remarks on the normative text.

Written by: Otmar Lendl

Mar 04

IntelMQ 2.3.0 with IntelMQ API, Docker, Shadowserver Reports API support, new documentation home and more

Today we released the newest IntelMQ version 2.3.0 along with its companion tools - the IntelMQ Manager and the new IntelMQ API.

This version comes with significant changes, being an important intermediate step for the 3.0 release scheduled for summer 2021.

Written by: Sebastian Wagner

Jan 22

A look at the NIS 2.0 Recitals

The EU Commission published a first draft of the new version of the NIS Directive. Here are my comments to the recitals that preface the actual normative text.

Written by: Otmar Lendl

Jan 20 URLhaus is a new data feed for our notifications

Since Wednesday January 13th, 2021 we are sending data of the URLhaus Feeds of the as part of our regular notifications to network owners.

In this article we describe how we process this feed using IntelMQ.

Written by: Sebastian Wagner

Nov 06

IntelMQ offers tutorial lessons and a new documentation page

The IntelMQ tutorial guides through various features and tools of IntelMQ while the new documentation page features a better reading experience and a significantly improved navigation

Written by: Sebastian Wagner

Oct 27

Development of the „Constituency-Portal“ 2.0

Our partner Intevation GmbH develops the next generation of the "Consituency-Portal", our tool for administraion of contact information.

Written by: Sebastian Wagner

Jul 09

tag2domain - a system for labeling DNS domains

tag2domain is a sub-project within the CEF-TC-2018-3 project of GmbH / It lays down the fundamental groundwork for doing proper statistics on IT security incidents for domain names (i.e. "how to label and count correctly in a future-proof way").

Written by: Aaron Kaplan

Jun 30

Tools for processing Certificate Transparency Log data of "certspotter" published

The Austrian Energy CERT and GovCERT Austria monitor the Certificate Transparency Logs ("CTL") for their constituents' domains to quickly detect and respond to any problems.

Written by: Sebastian Wagner