Conversation

RE: https://infosec.exchange/@reput_io/116720740952715024

We tell you what's demonstrably legitimate: CDNs, cloud ranges, gov registries, SaaS infra, so analysts can dismiss false positives in seconds instead of investigating them for minutes.

That's an interesting approach. tells you about them (for free) so you can block them. Different strokes, I guess.

@cR0w "Demonstrably legitimate [...] CDNs [..]"

CDNs and Cloud Ranges are where most of our malicious traffic originates. These guys are destined for litigation...

@cR0w as an (ex) Red Teamer I fully support reput's approach!

@cR0w Yep, really complementary. Blocklists catch known-bad; we clear known-good so analysts stop burning time triaging legit infra. Both together beats either alone

@mathaetaes Agreed, which is why CDN and cloud stay at investigate with low trust in our output, never "benign". They can host C2 and we say so.

Actually my intro wording was sloppy, let me rephrase that, thanks!
