Overview#
When a series of commercial burglaries clusters around a specific neighbourhood, experienced investigators know to check whether suspects announced themselves online. Social media posts, check-ins, and network connections routinely provide the timeline and location data that physical evidence alone cannot. Argus Social Media Intelligence (SOCMINT) makes that check systematic rather than opportunistic, monitoring 15+ major social media platforms continuously and surfacing relevant activity directly into investigation workflows.
The platform monitors, analyses, and operationalises intelligence from mainstream and regional social networks. It covers real-time keyword monitoring, account profiling, network mapping, coordinated campaign detection, and geospatial social media intelligence with AI-powered analysis across 50+ languages.
Key Features#
Multi-Platform Social Media Coverage#
Monitor the global social media landscape across 15+ platforms including Facebook, Twitter/X, Instagram, TikTok, Telegram, Discord, YouTube, LinkedIn, Reddit, WhatsApp, Snapchat, WeChat, VKontakte, Parler, and Truth Social. Disparate social conversations unify into entity profiles, network graphs, and threat assessments.
Advanced Account Profiling and Attribution#
AI-powered analysis of posting patterns, linguistic fingerprints, network connections, and behavioural indicators builds identity profiles from fragmented social media activity. Accurate attribution even when subjects attempt to obscure their identity through multiple accounts or pseudonyms.
Network Mapping and Relationship Intelligence#
Visualise complex social networks with AI-powered relationship mapping that identifies key influencers, community structures, information flow patterns, and hidden connections. Friend lists and follower counts become actionable network intelligence for investigations.
Coordinated Campaign Detection#
Machine learning models trained on millions of authentic and synthetic accounts detect bot networks, sock puppets, and influence operations, providing early warning of information warfare, political manipulation, and corporate reputation attacks.
Geospatial Social Media Intelligence#
Extract, analyse, and visualise location data from posts, check-ins, and metadata. Real-time situational awareness, event detection, and pattern-of-life analysis for investigations and threat monitoring.
Content Analysis and Threat Detection#
Automated models analyse social media content at scale, understanding sentiment, detecting threats, classifying images, and identifying concerning behaviour across all monitored platforms and languages.
Historical and Deleted Content Recovery#
Preserve critical evidence and recover deleted content with automated archival systems and advanced recovery techniques, ensuring investigators have access to the full digital footprint even when subjects attempt to remove traces.
Use Cases#
- Crime scene intelligence: Collection of social media activity from the vicinity of a crime location.
- Witness identification: Discovery of potential witnesses through documented location presence.
- Suspect alibi verification: Confirming or disproving location claims against social media records.
- Event reconstruction: Building a timeline of events from geographic social media data.
- Surveillance target monitoring: Tracking subject movement and activity through social media.
- Disinformation detection: Identifying coordinated inauthentic behaviour targeting public institutions or ongoing operations.
Integration#
- SIEM platforms: Splunk, IBM QRadar, ArcSight, and LogRhythm connectors
- Case management: Integration with major investigative case management systems
- Collaboration tools: Slack, Microsoft Teams, and Discord notifications
- Ticketing systems: Jira, ServiceNow, and Zendesk integration
- BI platforms: Tableau, Power BI, and Qlik dashboards for SOCMINT analytics
- Multi-tenant isolation with organisation-level data separation throughout
Open Standards#
- STIX 2.1 (OASIS CTI TC): Collected social media intelligence and extracted threat objects are represented using STIX 2.1 domain objects, enabling interoperability with downstream threat intelligence platforms.
- TAXII 2.1 (OASIS CTI TC): Analyst-configured feed subscriptions use TAXII 2.1 as the transport protocol for receiving and sharing cyber threat intelligence, including SOCMINT-derived indicators.
- GeoJSON (RFC 7946) / EPSG:4326 (WGS 84): Location data extracted from posts, check-ins, and media is stored and served as GeoJSON FeatureCollections using the WGS 84 coordinate reference system, enabling direct use in mapping and GIS tooling.
- MITRE ATT&CK: Threat behaviours detected in social media activity, including influence operations and coordinated campaigns, are tagged with MITRE ATT&CK technique IDs to align findings with the broader threat intelligence taxonomy.
- Exchangeable Image File Format (Exif / ISO 12234-2): Exif metadata is extracted from social media images, recovering embedded GPS coordinates, device identifiers, and capture timestamps as evidentiary artefacts.
- ISO 639-1 Language Codes: Content analysis and NLP across 50+ languages uses ISO 639-1 two-letter language codes to identify and label the detected language of each collected item.
- GraphQL (June 2018 Specification): All SOCMINT queries, mutations, and subscriptions are exposed through a GraphQL API, providing structured, schema-validated access for analyst workspaces and integrating case management systems.
- OAuth 2.0 (RFC 6749): Connections to third-party social media data providers support OAuth 2.0 bearer token authentication alongside API-key and basic auth, using the standard authorisation framework.
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14