Overview
The OSINT (Open Source Intelligence) domain provides access to external intelligence providers for IP and domain analysis, threat intelligence, and file scanning. It integrates with multiple providers to enrich investigation data with external intelligence sources while respecting Traffic Light Protocol sharing classifications.
Key Features
- Unified query interface across multiple external intelligence providers
- IP and domain analysis for infrastructure reconnaissance
- File scanning and malware reputation checking
- Threat intelligence enrichment from external feeds
- Traffic Light Protocol (TLP) compliance for data sharing classification (white, green, amber, red)
- Provider-specific deep dive capabilities for detailed analysis
- Observable enrichment for indicators of compromise
Use Cases
- Enriching investigation data with external intelligence on IP addresses and domains
- Scanning files and URLs for malware indicators through external analysis platforms
- Querying DNS and WHOIS intelligence for domain investigation
- Running deep analysis with extensible playbooks on suspicious observables
Integration
The OSINT domain integrates with Threat for threat intelligence correlation, Malware for malware analysis, Indicator for IOC management, Investigation for case context, and Enrichment for data enrichment workflows.
Last Reviewed: 2026-02-05