Data Sources & Methodology¶
Last updated: 2026-04-01 07:21 UTC
How This Dashboard Works¶
This dashboard is automatically generated by a Python data pipeline that:
- Fetches data from multiple threat intelligence sources via APIs and RSS feeds
- Processes and analyses the raw data to extract key metrics and trends
- Generates MkDocs markdown pages with embedded data and chart configurations
- Builds the static site using MkDocs with the Material theme
- Deploys to GitHub Pages via GitHub Actions
The pipeline runs on a scheduled basis (configurable via GitHub Actions cron) to keep data current.
Data Sources¶
Australian Government¶
| Source | Type | URL | Update Frequency |
|---|---|---|---|
| ASD/ACSC Alerts | RSS Feed | cyber.gov.au | As published |
| ASD/ACSC Advisories | RSS Feed | cyber.gov.au | As published |
| CCCS Advisories (Canada) | Atom Feed | cyber.gc.ca | As published |
| NCSC UK Reports | RSS Feed | ncsc.gov.uk | As published |
| OAIC NDB Reports | Curated data | oaic.gov.au | Bi-annual |
International Government¶
| Source | Type | URL | Update Frequency |
|---|---|---|---|
| CISA Advisories | RSS Feed | cisa.gov | As published |
| CISA ICS-CERT | RSS Feed | cisa.gov | As published |
| CISA KEV Catalog | JSON API | cisa.gov | As updated |
| NVD (CVE Database) | REST API | nvd.nist.gov | Continuous |
Community Threat Intelligence¶
| Source | Type | URL | Update Frequency |
|---|---|---|---|
| abuse.ch URLhaus | REST API | urlhaus.abuse.ch | Real-time |
| abuse.ch ThreatFox | REST API | threatfox.abuse.ch | Real-time |
| abuse.ch MalwareBazaar | REST API | bazaar.abuse.ch | Real-time |
| AlienVault OTX | REST API | otx.alienvault.com | Real-time |
Strategic & Geopolitical¶
| Source | Type | URL | Update Frequency |
|---|---|---|---|
| ASPI (The Strategist) | RSS Feed | aspi.org.au | As published |
| BleepingComputer | RSS Feed | bleepingcomputer.com | As published |
Optional (API Key Required)¶
| Source | Type | URL | Environment Variable |
|---|---|---|---|
| NVD | REST API | nvd.nist.gov | NVD_API_KEY |
| AlienVault OTX | REST API | otx.alienvault.com | OTX_API_KEY |
| GreyNoise | REST API | greynoise.io | GREYNOISE_API_KEY |
| Shodan | REST API | shodan.io | SHODAN_API_KEY |
| abuse.ch | REST API | abuse.ch | ABUSE_CH_AUTH_KEY |
API Key Setup Guide¶
All API keys are optional. The dashboard will still build without them, but enabling them unlocks richer data. Keys should be stored as GitHub Secrets (Settings > Secrets and variables > Actions) for the automated pipeline, or as environment variables for local development.
NVD (National Vulnerability Database)¶
The NVD API works without a key, but rate-limits unauthenticated requests to 5 per 30 seconds. With a key, you get 50 per 30 seconds.
- Go to https://nvd.nist.gov/developers/request-an-api-key
- Enter your email address and organisation
- Check your inbox for the API key (arrives within minutes)
- GitHub Secret name:
NVD_API_KEY
Cost: Free, no usage limits beyond rate throttling.
AlienVault OTX (Open Threat Exchange)¶
OTX provides community-sourced threat intelligence pulses, IOCs, and adversary tracking.
- Go to https://otx.alienvault.com/ and create a free account
- Once logged in, go to Settings (click your avatar, top-right)
- Your API key is displayed under OTX Key on the settings page
- Optionally subscribe to relevant pulses (e.g. search for "Australia", "APT40", "Critical Infrastructure") to get more targeted data
- GitHub Secret name:
OTX_API_KEY
Cost: Free. No usage limits for the public API.
GreyNoise¶
GreyNoise classifies internet scanning traffic as benign or malicious. The community tier provides basic IP lookups.
- Go to https://viz.greynoise.io/signup and create a free Community account
- Once logged in, go to Account > API Key
- Copy the API key
- GitHub Secret name:
GREYNOISE_API_KEY
Cost: Free Community tier (limited queries/day). Paid tiers available for full trend data and bulk lookups.
Shodan¶
Shodan indexes internet-facing devices and services globally. Used here to query Australian IP space exposure.
- Go to https://account.shodan.io/register and create an account
- Once logged in, your API key is shown on the Account page
- The free tier provides basic search. A paid membership (one-time USD $49 for lifetime) unlocks filters like
country:AU - GitHub Secret name:
SHODAN_API_KEY
Cost: Free tier available. Lifetime membership recommended for country-level queries.
abuse.ch (URLhaus, ThreatFox, MalwareBazaar)¶
abuse.ch threat intelligence APIs have required authentication since June 2025. An Auth-Key is needed for URLhaus, ThreatFox, and MalwareBazaar.
- Go to https://auth.abuse.ch/ and register for a free account
- Once registered and logged in, navigate to your profile/account settings
- Copy your Auth-Key (API authentication key)
- GitHub Secret name:
ABUSE_CH_AUTH_KEY
Cost: Free. Community-driven threat intelligence platform.
Adding Secrets to GitHub¶
In your repository:
- Go to Settings > Secrets and variables > Actions
- Click New repository secret
- Add each key with the exact name shown above (e.g.
NVD_API_KEY) - The GitHub Actions workflow already references these secrets
Architecture¶
graph LR
A[RSS Feeds] --> D[Python Fetchers]
B[REST APIs] --> D
C[Curated Data] --> D
D --> E[JSON Data Files]
E --> F[Page Generator]
F --> G[MkDocs Markdown]
G --> H[MkDocs Build]
H --> I[GitHub Pages]Running Locally¶
# Install dependencies
pip install -r requirements.txt
# Set API keys (optional, enhances data)
export SHODAN_API_KEY="your-key"
export NVD_API_KEY="your-key"
export OTX_API_KEY="your-key"
export GREYNOISE_API_KEY="your-key"
export ABUSE_CH_AUTH_KEY="your-key"
# Fetch data and generate pages
python -m scripts.build_all
# Preview locally
mkdocs serve
# Build static site
mkdocs build