Stay ahead of cyber threats with our intelligence tools

Enhance your business's security with our solutions that deliver real-time intelligence on emerging cyber threats. Choose from our comprehensive range of offerings, including raw data feeds, APIs, and web lookup, all designed for seamless integration with your existing security infrastructure. This ensures rapid threat detection and response, strengthening your business's defenses.

Our products

Our tools are designed to evaluate IP addresses, provide a security assessment, and deliver comprehensive threat intelligence information.

Lookup

Web tool designed for security engineers to quickly evaluate suspicious IPs directly through our website's interface. It delivers a comprehensive security assessment, outlines potential threats, and provides threat intelligence.

API

Offers a detailed security evaluation, highlighting potential risks and delivering threat intelligence. It's an essential tool for augmenting your current security setup with our expert insights. With functionality mirroring our Lookup service, it seamlessly integrates into your security platform.

Documentation →

Data Feed

Equips your security systems with a comprehensive list of IoCs for automatic threat detection and response, enhanced with reach threat intelligence. Available as daily updates or real-time streaming.

Documentation →

Use cases

Enhance your organization's cybersecurity efforts:

Automated Threat Detection

Integrate our threat intelligence Data Feeds and APIs to automatically detect and flag indicators of compromise (IoCs).

Enrichment of Security Data

Use our threat intelligence to enrich alerts and incidents with contextual data, helping security analysts to understand the nature and severity of threats, prioritize and respond to threats more effectively.

Integration with SIEM & SOAR

Integrate with Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems to streamline security operations and improve incident response.

Our data enrichments

Explore the output from our Data Feed and API using our Web Lookup. Simply enter an IP address and visualize the data we provide. If you prefer documentation, please refer to our Data Feed Docs.

IP Threat Assessment

Assess whether an IP is classified as a Threat, Benign, Suspicious, or Unknown. For identified threats, provide details regarding the type of the threat.

- Verdict
- Threat Score
- Threat Type
- First/Last Seen

IP Geolocation

Obtain the geolocation information for the IP address.

- Country
- Region
- City

Proxy Detection

Identify public VPNs or TOR exit nodes.

- Tor Exit Node Flag
- Public VPN Flag
- Public VPN Name

Reverse DNS (PTR)

Retrieve the PTR record and compare whether the reverse and direct resolution results match.

- PTR Record
- Records Match Flag

Benign Infrastructure Info

Verify if the IP belongs to any known benign crawler, bot, or service.

- Name
- Description
- Reference URLs

Known IPs

Display information on IP addresses connected to known internet services that are not anticipated to perform legitimate infrastructure scans or crawls.

- Name
- Description
- Reference URLs

AS Info

Display autonomous system details.

- ASN
- Name
- Domain Name

WHOIS (IP Netblock) Info

Retrieve IP Netblock (WHOIS) information for the IP address, supplemented with the general threat score for this block.

- Netblock Threat Score
- Registrar Organization
- Range Borders
- Network Name
- Organization Details
- Admin/Tech/Abuse Contact Info
- Last Modified

Malicious Activity Details

Provide specific details regarding the exact attack attempted from the IP address.

- Type of Attack
- Signature
- Severity
- CVE
- Last Activity

We cover the following threat types

Attack

Malicious activity detected from the host.

C2 (C&C)

Known botnet's "Command and Control" hosts.

Malware

Hosts related to malicious software distribution.

Phishing

Hosts involved in phishing activity.

Spam

Hosts engaged in sending spam.

Suspicious

Hosts whose activity hasn't been confirmed as malicious but remains suspicious. For example, it could involve hosts scraping websites or sending a large number of ICMP queries.

Our Threat Intelligence data sources

By combining data from the following multiple sources, our products provide you with a comprehensive and accurate view of the threat landscape, enabling you to take proactive steps to protect your organization from cyber threats.

OSINT

We collect indicators of compromise (IoCs) and threat data from open sources, combining details from nearly all available public sources into one centralized location.

Honeypots/sensors

We operate a custom network of honeypots to trap and study attacks's infrastructure.

Algorithmic and Machine Learning Analysis

We use known IoCs to predict and discover new potential threats, which we then validate and incorporate into our database.

Abuse Reports

We gather abuse reports and scrutinize them for insights.

In-House Research

Our specialist team conducts independent research to pinpoint and dissect new IoCs.

Own Data Enrichments

We continuously collect, process, and unify essential enrichment data, including IP Geolocation, Proxy Detection, Reverse DNS (PTR), AS Information, WHOIS (IP Netblock) Information, and more.

You’ll be in good company

Our solutions are already used by HiQ Finland, Deloitte, Amesan Consulting, Swedbank, Cisco, Accenture, Nielsen Suomi, CGI, Telia, Digital Ocean, University of Southern California, and others.

Experience our data in action with a live IP Lookup

Contact Us

Have a technical issue? Want to provide feedback? Need information about our subscription plans? We're here to help! Please note that our services are exclusively for registered companies. Requests from private individuals or emails that do not match the company domain name will not be processed. You can also reach us at support@falconsentinel.com.