OSINT Providers Domain

Category: API Domains | Last Updated: Feb 5, 2026

Overview

Running open-source intelligence across 153 third-party integrations requires more than just API credentials in a config file. Each provider needs per-tenant enablement, encrypted key storage, quota enforcement, and automatic circuit breakers that prevent a slow or failing provider from degrading the wider investigation workflow. The OSINT Providers domain supplies that management layer, keeping every external intelligence source healthy, accountable, and cost-controlled.

Key Features

  • Provider management with per-tenant enable/disable and API key configuration
  • Dynamic provider registration for adding custom OSINT providers without code changes
  • Multi-tier quota management with rate limiting at minute, hourly, daily, and monthly intervals
  • Health monitoring with circuit breakers, success rate tracking, and response time measurement
  • Execution tracking with query logging, cost tracking, and statistics aggregation
  • Provider catalogue with static and dynamic provider lookup
  • Eight provider categories: threat intelligence, domain, IP, file, email, social, cryptocurrency, and custom
  • Seven capability types: search, lookup, enrich, report, monitor, download, and submit

Use Cases

Relevant sectors include financial crime, law enforcement, and intelligence agencies.

  • Registering and configuring OSINT providers per tenant with encrypted API key management
  • Enforcing rate limits and spend caps to control provider usage costs
  • Monitoring provider health and automatically disabling unhealthy providers via circuit breakers
  • Tracking execution statistics to audit provider usage and optimise query strategies

Integration

The OSINT Providers domain integrates with Organisation for tenant isolation, User for authentication and authorisation, Investigation for OSINT lookups, Alert for automated enrichment, and Entity Resolution for data enrichment. It connects to external providers including VirusTotal, Shodan, Censys, SecurityTrails, and custom threat intelligence APIs.

Open Standards

  • GraphQL (June 2018 specification): All provider management operations, including registration, configuration, health queries, quota reporting, and execution statistics, are exposed through a typed GraphQL schema with named queries and mutations.
  • RFC 6962 Certificate Transparency: Certificate transparency log search is a first-class provider capability in the registry, with crt.sh integrated as a dedicated provider for passive subdomain and certificate discovery.
  • RFC 3912 WHOIS Protocol: WHOIS is a named provider capability used by domain intelligence providers such as SecurityTrails to surface domain ownership and registration history during investigations.
  • DNS (RFC 1035 and related): DNS record enumeration is a named capability in the provider model, consumed by multiple providers including SecurityTrails and DNSDumpster for subdomain reconnaissance and passive DNS lookups.
  • ITU-R M.1371 Automatic Identification System (AIS): The maritime provider category integrates AIS stream data via the AISStream provider, enabling real-time vessel tracking correlated against investigation subjects.
  • PBKDF2-HMAC-SHA256 / Fernet (AES-128-CBC): Tenant API keys are stored using Fernet symmetric encryption with a key derived via PBKDF2-HMAC-SHA256 at 600 000 iterations, protecting credentials at rest per the platform's cryptographic baseline.
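
The key-storage scheme in the last bullet, sketched as an added example that is not the platform's own code: a Fernet key is derived with PBKDF2-HMAC-SHA256 at 600 000 iterations and used to seal a tenant's provider API key. The master secret, the per-tenant salt, and all function names are assumptions (the page states only the algorithms and the iteration count), and the encryption step needs the third-party `cryptography` package.

```python
import base64
import hashlib
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # iteration count stated on the page


def derive_fernet_key(master_secret: bytes, salt: bytes) -> bytes:
    """Stretch the secret to 32 bytes and encode it in the form Fernet accepts."""
    if len(salt) < 16:
        raise ValueError("use at least 16 random salt bytes per tenant")
    raw = hashlib.pbkdf2_hmac("sha256", master_secret, salt,
                              PBKDF2_ITERATIONS, dklen=32)
    # Fernet splits these 32 bytes: 16 for HMAC-SHA256 signing, 16 for AES-128-CBC.
    return base64.urlsafe_b64encode(raw)


def seal_api_key(master_secret: bytes, salt: bytes, api_key: str) -> bytes:
    """Encrypt a provider API key; the returned token is what gets stored."""
    from cryptography.fernet import Fernet  # third-party: pip install cryptography
    return Fernet(derive_fernet_key(master_secret, salt)).encrypt(api_key.encode())


def open_api_key(master_secret: bytes, salt: bytes, token: bytes) -> Optional[str]:
    """Decrypt a stored token; None if it was tampered with or sealed under another key."""
    from cryptography.fernet import Fernet, InvalidToken
    try:
        return Fernet(derive_fernet_key(master_secret, salt)).decrypt(token).decode()
    except InvalidToken:
        return None


if __name__ == "__main__":
    # Constructed sample values; none of them come from the page.
    master = b"constructed-master-secret"
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # hypothetical per-tenant salts
    token = seal_api_key(master, salt_a, "constructed-provider-api-key")
    print(open_api_key(master, salt_a, token))  # round trip under tenant A
    print(open_api_key(master, salt_b, token))  # tenant B's derived key is rejected
```

Because Fernet authenticates the token with HMAC before decrypting, a token sealed under one tenant's derived key fails verification under any other, so a mix-up in tenant lookup surfaces as a rejected token rather than as garbage plaintext.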

Last Reviewed: 2026-02-05 | Last Updated: 2026-04-14
