Belnet Threat Intelligence - Technical FAQ

Can my organisation receive Belnet Threat Intelligence?
How much does it cost?
How does Belnet Threat Intelligence work?
What information is included in the warning email?
Which vulnerabilities and infections does Belnet Threat Intelligence detect?
Who receives the warnings in my organisation?
Through which information channel do I receive my warnings?
How can I change the information channel?
How can I access the API?
 

Can my organisation receive Belnet Threat Intelligence?

Belnet Threat Intelligence is automatically available to all organisations that are connected to the Belnet network and have IP addresses provided by Belnet. 

How much does it cost?

Belnet Threat Intelligence is free and automatic. 

How does Belnet Threat Intelligence work?

  • Belnet, with the help of the CCB (Centre for Cybersecurity Belgium) and other sources (shadow servers, Sync all, etc.), detects potential vulnerabilities and infections found on your information systems.
  • You will automatically receive a warning email if one of your IP addresses is vulnerable. 

What information is included in the warning email?

Belnet sends you a semi-automated warning including:

  • The potentially vulnerable or infected IP address; 
  • The type of threat detected;
  • The date and time.

Which vulnerabilities and infections does Belnet Threat Intelligence detect?

  • Risks of botnet infections
  • Your NTP Version is potentially vulnerable
  • Your LDAP server is publicly accessible
  • Your Telnet server is publicly accessible
  • Your RDP server is publicly accessible
  • Your SMB server is publicly accessible
  • Your MS SQL server is publicly accessible
  • Your SNMP server is publicly accessible

Who receives the warnings in my organisation?

The warnings are sent by email to the SCP (security officer) in your organisation.

Through which information channel do I receive my warnings?

By default, Belnet sets up an information push via a classic ticket (with a corresponding email) for all customers, but you can also be notified via another channel if you wish:

  • Either by email only (without ticket reference).
  • Or via an API by retrieving the information yourself (so that you can associate it with your security systems). 

How can I change the information channel?

Contact our service desk by email: servicedesk@belnet.be or by phone: +32 (0)2 790.33.33

How can I access the API?

You can also be notified by retrieving the information yourself from the API.

  1. Request your access token by clicking on this link. You will be redirected to the Belnet R&E Federation IdP.
  2. Enter your Belnet Personal Login and copy the token displayed.
  3. Access the API with a REST tool at this URL: https://security-events.belnet.be/public/api/events/
  4. Add an Authorization header whose value is the word "token" followed by a space and the generated token.

Example: Authorization: token 739676cba7c2f0c9614b529473461c254a1730ce

Note: there is only one token per customer; the previous token will be replaced if another request is made by the same account or another account linked to this customer.
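
The steps above as a small Python client, added here as an example (it is not Belnet's own code). It refuses redirects and non-HTTPS URLs so the token is not sent anywhere else; the JSON response format, the 401/403 status codes for a rejected token, and the environment variable name BELNET_TI_TOKEN are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://security-events.belnet.be/public/api/events/"  # URL from the FAQ


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the Authorization header is never replayed elsewhere."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise urllib.error.HTTPError(
            req.full_url, code, f"unexpected redirect to {newurl}", headers, fp)


def build_request(token, url=API_URL):
    """Build the GET request with the header format shown in the FAQ."""
    token = token.strip()
    # Reject empty tokens and embedded whitespace/control characters (header injection).
    if not token or any(c.isspace() or ord(c) < 0x20 for c in token):
        raise ValueError("token is empty or contains whitespace")
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send the token over a non-HTTPS URL")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"token {token}")
    req.add_header("Accept", "application/json")  # assumption: the API returns JSON
    return req


def fetch_events(token, url=API_URL, timeout=30):
    """Return the decoded JSON body (its structure is not documented in the FAQ)."""
    opener = urllib.request.build_opener(NoRedirect())
    try:
        with opener.open(build_request(token, url), timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code in (401, 403):  # assumption: status codes used for a bad token
            # Only one token exists per customer: a newer request replaces the old one.
            raise PermissionError(
                "token rejected; it may have been replaced by a newer token "
                "request for this customer") from exc
        raise


if __name__ == "__main__":
    # Read the token from the environment (hypothetical variable name), not from source.
    print(json.dumps(fetch_events(os.environ["BELNET_TI_TOKEN"]), indent=2))
```

Because each new token request replaces the previous one for the whole customer, store the token in one shared secret store rather than per user.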


Copyright © 2021 Belnet.