D4 · Operations

What is a threat feed?

A threat feed provides real-time IoCs (malicious IPs, domains, hashes) for automatic blocking and detection — integrated into firewalls, proxies, SIEM, and DNS sinkholes.
Free feeds: AlienVault OTX, abuse.ch, CISA KEV, Cisco Talos. Commercial: Mandiant, CrowdStrike, Recorded Future. Quality matters more than quantity: a bad feed produces false positives that block legitimate traffic. Automate IoC ingestion so indicators are applied while they are still timely.