File Indicators Feed — Spectra Intelligence
The Malicious File Indicator feeds provide continuous streams of newly detected malware samples, AV scan results, and classification changes from the Spectra Intelligence system.
Common Use Cases
Get newly detected malware
- Malware detection feed (TCF-0101) - Continuous list of samples with at least one AV detection.
- Malware detection feed (platform-filtered) (TCF-0102-0106) - Malware detections filtered by platform (Windows, Android, macOS, etc.).
Track all scanned files
- New files (first scan) (TCF-0107) - Files scanned for the first time in the system.
- New files (first and rescan) (TCF-0108) - All files scanned or rescanned.
Monitor classification changes
- Files with detection changes (TCF-0109) - Files showing detection changes between AV scans.
- Malware presence change events feed (TCF-0111) - New malicious samples, false positives, and threat name changes.
All Malicious File Indicator Feeds
📄️ TCF-0101 — Malware Detection Feed
Consume TCF-0101 to receive a continuous stream of new samples with at least one AV scanner detection, including file hashes, file type, and targeted platform.
📄️ TCF-0102-0106 — Platform-Filtered Malware Feed
Consume TCF-0102-0106 to get platform-filtered malware detections from Spectra Intelligence; separate feeds for Windows, Android, macOS, and other platforms.
📄️ TCF-0107 — New Files (First Scan)
Consume TCF-0107 to receive a continuous stream of file hashes scanned for the first time in Spectra Intelligence; records are retained for 365 days.
📄️ TCF-0108 — New Files (First and Rescan)
Consume TCF-0108 to receive a continuous list of Spectra Intelligence samples that have been scanned for the first time or rescanned; records retained for 365 days.
📄️ TCF-0109 — Files with Detection Changes
Consume TCF-0109 to receive a continuous list of Spectra Intelligence samples showing detection changes between multi-AV scan reports; records retained for 365 days.
📄️ TCF-0111 — Malware Presence Change Events
Consume TCF-0111 to receive new malicious samples, false positive reclassifications, and threat name changes from the Spectra Intelligence malware presence change events feed.