Threat Intelligence API

Returns a detailed security assessment of an IP address, highlighting potential risks and delivering threat intelligence. It is designed to augment your existing security stack with our expert insights. Its functionality mirrors our Lookup service, so it integrates straightforwardly into your security platform.

Examples: ...

Subscription plan:

{
  "firstSeen": 1678320000,
  "lastSeen": 1722394965,
  "verdict": "Threat",
  "score": 1,
  "threatTypes": [
    "Malware",
    "Attack"
  ],
  "location": {
    "country": "United States of America",
    "region": "California",
    "city": "Pleasanton"
  },
  "ptr": {
    "value": "scan-50a.shadowserver.org.",
    "reverseMatch": true
  },
  "netblock": {
    "inetnum": "64.62.128.0 - 64.62.255.255",
    "parent": "NET-64-0-0-0-0",
    "source": "arin",
    "netname": "HURRICANE-4",
    "modified": "2012-02-24T09:44:34-05:00",
    "score": 0.0308,
    "organization": {
      "id": "HURC",
      "name": "Hurricane Electric LLC",
      "email": "",
      "phone": "",
      "address": [
        "760 Mission Court",
        "Fremont",
        "CA",
        "94539",
        "United States"
      ]
    },
    "techContact": {
      "id": "ZH17-ARIN",
      "role": "Hurricane Electric",
      "email": "hostmaster@he.net",
      "phone": "+1-510-580-4100",
      "address": [
        "760 Mission Court",
        "Fremont",
        "CA",
        "94539",
        "United States"
      ]
    },
    "abuseContact": {
      "id": "ABUSE1036-ARIN",
      "role": "Abuse Department",
      "email": "abuse@he.net",
      "phone": "+1-510-580-4100",
      "address": [
        "760 Mission Court",
        "Fremont",
        "CA",
        "94539",
        "United States"
      ]
    }
  },
  "asn": {
    "asn": 6939,
    "name": "Hurricane Electric",
    "domain": "http://he.net"
  },
  "publicVPN": false,
  "torExitNode": false
}

Use cases

Enhance your organization's cybersecurity efforts:

Automated Threat Detection

Integrate our threat intelligence Data Feeds and APIs to automatically detect and flag indicators of compromise (IoCs).

Enrichment of Security Data

Use our threat intelligence to enrich alerts and incidents with contextual data, helping security analysts understand the nature and severity of threats and prioritize and respond to them more effectively.

Integration with SIEM & SOAR

Integrate with Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems to streamline security operations and improve incident response.
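The following is an added example (not code from this page or from the vendor) of how the response shown above can drive the automated detection, enrichment and SOAR use cases just described. It reproduces the sample response as a Python dict, maps it to a block/alert/allow action and attaches the context to a constructed SIEM event. The thresholds, the 0..1 score range, the 30-day freshness window, the action names and the `ti_*` field names are all assumptions for this example; the page does not specify them. It reads every field with `.get()` because lower subscription tiers return fewer fields.

```python
import time
from typing import Any, Dict, List, Optional

# Constructed sample: the example response shown on this page, reproduced as a
# Python dict and trimmed to the fields the policy below reads.
SAMPLE_RESPONSE: Dict[str, Any] = {
    "firstSeen": 1678320000,
    "lastSeen": 1722394965,
    "verdict": "Threat",
    "score": 1,
    "threatTypes": ["Malware", "Attack"],
    "location": {"country": "United States of America",
                 "region": "California", "city": "Pleasanton"},
    "ptr": {"value": "scan-50a.shadowserver.org.", "reverseMatch": True},
    "netblock": {"inetnum": "64.62.128.0 - 64.62.255.255",
                 "netname": "HURRICANE-4", "score": 0.0308},
    "asn": {"asn": 6939, "name": "Hurricane Electric"},
    "publicVPN": False,
    "torExitNode": False,
}

# Constructed sample SIEM event (RFC 5737 documentation address; not from the page).
SAMPLE_EVENT: Dict[str, Any] = {"ts": 1722400000, "src_ip": "203.0.113.7",
                                "dst_port": 22, "action": "deny"}

# Policy thresholds are assumptions for this example: the page does not state
# the score range (0..1 is assumed here) or any freshness window.
BLOCK_SCORE = 0.8
STALE_AFTER_SECONDS = 30 * 24 * 3600


def assess(resp: Dict[str, Any], now: Optional[int] = None) -> Dict[str, Any]:
    """Map one API response to a SOAR-style action: block, alert or allow.

    Every field is read with .get() because lower subscription tiers return
    fewer fields; an absent enrichment must not crash the playbook.
    """
    now = int(time.time()) if now is None else now
    verdict = resp.get("verdict", "Unknown")
    score = float(resp.get("score") or 0.0)
    types = sorted(resp.get("threatTypes") or [])
    reasons: List[str] = [f"verdict={verdict}", f"score={score:g}"]

    # Anonymising infrastructure is context worth surfacing whatever the verdict.
    if resp.get("torExitNode"):
        reasons.append("tor_exit_node")
    if resp.get("publicVPN"):
        reasons.append("public_vpn")

    if verdict == "Benign":
        return {"action": "allow", "reasons": reasons}
    if verdict == "Unknown":
        # No intelligence either way: only the Tor/VPN context can raise it.
        action = "alert" if len(reasons) > 2 else "allow"
        return {"action": action, "reasons": reasons}

    # Threat or Suspicious from here on.
    last_seen = resp.get("lastSeen")
    stale = last_seen is not None and now - int(last_seen) > STALE_AFTER_SECONDS
    if stale:
        reasons.append("stale_sighting")
    if types:
        reasons.append("types=" + ",".join(types))
    if verdict == "Threat" and score >= BLOCK_SCORE and not stale:
        return {"action": "block", "reasons": reasons}
    # Suspicious, a low score, or an old sighting: enrich and alert, do not block.
    return {"action": "alert", "reasons": reasons}


def enrich_event(event: Dict[str, Any], resp: Dict[str, Any],
                 now: Optional[int] = None) -> Dict[str, Any]:
    """Return a copy of a SIEM event with flattened ti_* context attached."""
    decision = assess(resp, now)
    loc = resp.get("location") or {}
    ptr = resp.get("ptr") or {}
    out = dict(event)
    out.update({
        "ti_verdict": resp.get("verdict", "Unknown"),
        "ti_score": resp.get("score"),
        "ti_threat_types": list(resp.get("threatTypes") or []),
        "ti_country": loc.get("country"),
        "ti_asn": (resp.get("asn") or {}).get("asn"),
        "ti_netblock_score": (resp.get("netblock") or {}).get("score"),
        "ti_ptr": ptr.get("value"),
        "ti_ptr_reverse_match": ptr.get("reverseMatch"),
        "ti_action": decision["action"],
        "ti_reasons": decision["reasons"],
    })
    return out


if __name__ == "__main__":
    import json
    # Fixed "now" so the freshness check is reproducible.
    print(json.dumps(enrich_event(SAMPLE_EVENT, SAMPLE_RESPONSE, now=1722400000), indent=2))
```

Two points worth keeping when adapting this: a Threat verdict with an old lastSeen is downgraded to an alert rather than a block, because IP reputation decays quickly on shared or dynamic ranges; and the sample's PTR points at a scanning service, so the page's Benign Infrastructure Info enrichment (Professional plan and above) is the place to check for known research scanners before auto-blocking. Its JSON key is not shown on this page, so the policy above does not read it.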

Our data enrichments

Explore the output from our Data Feed and API using our Web Lookup. Simply enter an IP address and visualize the data we provide. If you prefer documentation, please refer to our Data Feed Docs.

IP Threat Assessment

Assess whether an IP is classified as a Threat, Benign, Suspicious, or Unknown. For identified threats, provide details regarding the type of the threat.

  • Verdict
  • Threat Score
  • Threat Type
  • First/Last Seen

IP Geolocation

Obtain the geolocation information for the IP address.

  • Country
  • Region
  • City

Proxy Detection

Identify public VPNs or TOR exit nodes.

  • Tor Exit Node Flag
  • Public VPN Flag
  • Public VPN Name

Reverse DNS (PTR)

Retrieve the PTR record for the IP address and check whether it is forward-confirmed, that is, whether the name in the PTR record resolves back to the same IP.

  • PTR Record
  • Records Match Flag
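As an added example (not the vendor's code), here is the forward-confirmed reverse DNS check behind a "records match" flag, returning a dict in the same shape as the `ptr` object in the response above. The resolver functions are injected so the check can run offline against constructed zone data; the `live_reverse`/`live_forward` helpers use the standard `socket` module for real lookups. The IP addresses are from the RFC 5737 documentation ranges and the host names are hypothetical.

```python
import socket
from typing import Callable, Dict, List

ReverseLookup = Callable[[str], List[str]]   # ip -> PTR names
ForwardLookup = Callable[[str], List[str]]   # name -> A/AAAA addresses


def ptr_check(ip: str, reverse: ReverseLookup, forward: ForwardLookup) -> Dict[str, object]:
    """Forward-confirmed reverse DNS, returned in the page's `ptr` shape.

    reverseMatch is True only if at least one PTR name resolves forward to the
    original IP. A PTR on its own proves nothing: whoever controls the reverse
    zone can put any name there, including one that imitates a trusted scanner.
    """
    try:
        names = [n.rstrip(".").lower() for n in reverse(ip)]
    except OSError:            # no PTR, or the resolver failed
        names = []
    if not names:
        return {"value": None, "reverseMatch": False}
    value = names[0] + "."     # canonical dot-terminated form, as in the API response
    for name in names:
        try:
            addrs = forward(name)
        except OSError:        # NXDOMAIN or resolver failure: not a confirmation
            continue
        if ip in addrs:
            return {"value": value, "reverseMatch": True}
    return {"value": value, "reverseMatch": False}


# Live resolvers for real use (need network access).
def live_reverse(ip: str) -> List[str]:
    host, aliases, _ = socket.gethostbyaddr(ip)
    return [host, *aliases]


def live_forward(name: str) -> List[str]:
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})


# Constructed offline zone data so the example runs without network access.
FAKE_PTR = {
    "203.0.113.7": ["scanner.example.net."],   # honest PTR: forward lookup matches
    "203.0.113.8": ["mail.example.org."],      # spoofed PTR: forward lookup differs
}
FAKE_A = {
    "scanner.example.net": ["203.0.113.7"],
    "mail.example.org": ["198.51.100.5"],
}


def fake_reverse(ip: str) -> List[str]:
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip]


def fake_forward(name: str) -> List[str]:
    if name not in FAKE_A:
        raise socket.gaierror(-2, "Name or service not known")
    return FAKE_A[name]


if __name__ == "__main__":
    for ip in ("203.0.113.7", "203.0.113.8", "203.0.113.9"):
        print(ip, ptr_check(ip, fake_reverse, fake_forward))
```

Treat `reverseMatch: false` as "the name is unverified", not as malice in itself: many legitimate hosts simply lack a forward record. The useful signal is a PTR that claims a well-known scanner or provider name but does not confirm.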

Benign Infrastructure Info

Verify if the IP belongs to any known benign crawler, bot, or service.

  • Name
  • Description
  • Reference URLs

Known IPs

Display information on IP addresses belonging to known internet services that are not expected to perform legitimate infrastructure scans or crawls.

  • Name
  • Description
  • Reference URLs

AS Info

Display autonomous system details.

  • ASN
  • Name
  • Domain Name

WHOIS (IP Netblock) Info

Retrieve IP Netblock (WHOIS) information for the IP address, supplemented with the general threat score for this block.

  • Netblock Threat Score
  • Registrar Organization
  • Range Borders
  • Network Name
  • Organization Details
  • Admin/Tech/Abuse Contact Info
  • Last Modified

We cover the following threat types

Attack

Malicious activity detected from the host.

C2 (C&C)

Known botnet command-and-control (C&C) hosts.

Malware

Hosts related to malicious software distribution.

Phishing

Hosts involved in phishing activity.

Spam

Hosts engaged in sending spam.

Suspicious

Hosts whose activity has not been confirmed as malicious but remains suspicious, for example hosts scraping websites or sending large numbers of ICMP queries.

Our Threat Intelligence data sources

By combining data from the following multiple sources, our products provide you with a comprehensive and accurate view of the threat landscape, enabling you to take proactive steps to protect your organization from cyber threats.

OSINT

We collect indicators of compromise (IoCs) and threat data from open sources, combining details from nearly all available public sources into one centralized location.

Honeypots/sensors

We operate a custom network of honeypots and sensors to trap and study attackers' infrastructure.

Algorithmic and Machine Learning Analysis

We use known IoCs to predict and discover new potential threats, which we then validate and incorporate into our database.

Abuse Reports

We gather abuse reports and scrutinize them for insights.

In-House Research

Our specialist team conducts independent research to pinpoint and dissect new IoCs.

Own Data Enrichments

We continuously collect, process, and unify essential enrichment data, including IP Geolocation, Proxy Detection, Reverse DNS (PTR), AS Information, WHOIS (IP Netblock) Information, and more.

You’ll be in good company

Our solutions are already used by HiQ Finland, Deloitte, Amesan Consulting, Swedbank, Cisco, Accenture, Nielsen Suomi, CGI, Telia, Digital Ocean, University of Southern California, and others.

Pricing plans

Billed monthly or annually; annual billing includes 2 months free.

                        Core         Professional   Ultimate       Enterprise
Requests per day        100          500            2,500          Custom
Requests per minute     15 / 60 / Custom (per-plan assignment not preserved in the source)
"realTimeData" flag     allowed
Price                   $390/mo      $990/mo        $2,900/mo      Custom

Output fields

Core:

  • Verdict
  • Threat Score
  • Threat Type
  • First/Last Seen

Professional (all from Core, plus):

  • Benign Infrastructure Info
  • Known IPs Info
  • IP Geolocation Info
  • Tor Exit Node flag
  • Public VPN Info
  • PTR Record Info

Ultimate (all from Professional, plus):

  • ASN Info
  • IP Netblock Score
  • WHOIS (Netblock) Info

Enterprise (all from Ultimate, plus):

  • Custom data enrichments (upon request)
  • Custom output formats
  • Dedicated support

Please note that our services are exclusively for registered companies. Orders from private individuals or emails that do not match the company domain name will not be processed.

For invoice payments, please get in touch with us via support@falconsentinel.com or Contact us form.


Contact Us

Have a technical issue? Want to provide feedback? Need information about our subscription plans? We're here to help! Please note that our services are exclusively for registered companies. Requests from private individuals or emails that do not match the company domain name will not be processed. You can also reach us at support@falconsentinel.com.