Critical-risk tools in Nullcone Threat Intelligence
3 of the 30 tools in Nullcone Threat Intelligence are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
drain_subscriptionDestructiveDrain the buffer of a stateful subscription created by subscribe_threats(). Returns all IOCs delivered to this subscription since the last drain. Each subscription...
-
revoke_iocDestructiveRevoke an IOC by its value hash, pushing the expiration event to all active subscriptions in real-time. Call this when an IOC is determined to be a false positive,...
-
unsubscribeDestructiveCancel a stateful subscription and free its buffer. Call this when you no longer need the subscription to release memory. Subscriptions also auto-expire after 1 ho...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.