Overview#
An analyst running an entity enrichment workflow needs to know which data sources are available for sanctions lookups, which cover threat intelligence, and which provide OSINT enrichment. Without a central catalog, discovering that information requires navigating multiple system settings pages and asking colleagues. The Data Source Catalog provides a single, organised view of every available data source, its capabilities, and its current health status.
Key Features#
- Centralised registry of available data sources and their capabilities.
- Data source capability declarations for enrichment routing.
- Integration metadata management for external providers.
- Source categorisation (sanctions, threat intel, OSINT, enrichment).
- Data source availability monitoring.
- Version tracking for data source configurations.
- Organisation-scoped source access management.
- Provider health status tracking.
Use Cases#
Intelligence analysts discover available data sources for entity enrichment workflows by browsing the catalog, understanding what each source covers before configuring enrichment pipelines.
Platform administrators route enrichment requests to appropriate data providers based on capability declarations, ensuring that sanctions checks go to sanctions providers and OSINT queries reach OSINT sources rather than hitting the wrong endpoint.
Compliance teams manage sanctions list integrations and threat intelligence feed configurations through the catalog, with version tracking ensuring that configuration changes are auditable.
Operations teams monitor data source availability and health status across all 153 third-party integrations, identifying degraded sources before they affect investigation workflows that depend on their data.
Integration#
Integrates with sanctions management, threat intelligence, and entity enrichment domains for data source discovery and routing.
Open Standards#
- GraphQL (June 2018 specification): The catalog's primary query and mutation interface is implemented as a GraphQL schema using typed enums, paginated connections, and resolver-level role enforcement, allowing clients to retrieve and manage data sources through a single, self-describing endpoint.
- OAuth 2.0 (RFC 6749), client credentials flow: The generic REST connector supports OAuth 2.0 token acquisition and caching for authenticating outbound connections to external data providers that require machine-to-machine authorisation.
- REST / HTTP (RFC 9110): All connector integrations communicate with external providers over standard HTTP using GET, POST, PUT, and DELETE methods, and the catalog exposes a mirroring REST API at
/api/v1/data-sourcesfor clients that prefer HTTP over GraphQL. - JSONPath (RFC 9535): The generic REST connector uses JSONPath expressions to extract records, cursors, and aggregate counts from arbitrarily structured provider responses, and to map provider fields to the platform's normalised schema.
- Web Linking, HTTP Link Header (RFC 5988): Cursor-based pagination across multi-page provider feeds is handled by parsing the
Link: rel="next"header, enabling interoperability with any provider that follows the RFC 5988 link-relation convention. - CVE / NVD JSON API 2.0 (NIST NVD): A dedicated connector consumes the NIST National Vulnerability Database CVE 2.0 REST API, normalising Common Vulnerabilities and Exposures records including CVSS v2/v3 scores, CWE identifiers, and CPE-based affected product data.
- ISO 8601: All timestamps exchanged with external providers and stored in sync history records use ISO 8601 date-time format, ensuring unambiguous interoperability across the catalog's scheduled and on-demand sync operations.
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14