ThreatBook SaaS API

ThreatBook SaaS API relies on the powerful raw data collection system in the cloud, combined with a variety of independently developed core intelligence extraction systems with dozens of extraction methods, to quickly and automatically produce high-coverage, high-accuracy, context-rich intelligence data, providing unique value for a variety of business. Data Accumulation

• Raw data of tens of billions of domain names records accumulated with millions of newly registered domain names everyday
• PassiveDNS data over 8 years
• Historical Whois domain data records over 18 years
• Billions of malicious samples accumulated along with 1 million new newly captured malicious samples
• 400,000 high confidence IOCs
• Reputation and labels of 4.2 billion global IP addresses
• Tracing Attacks of more than 180 famous hacking groups around the world on an hourly basis
• Intelligence updated on minute basis

Business Values

• Threat discovery and compromise detection for office network hosts / production networks and DMZ servers
• Risk evaluation of external IP of applications or services that are accessible over public networks, such as web, mail and SSH
• Analysis of suspicious files/processes on hosts/servers for identification of malicious programs
• Threat detection cooperates with internal SOC/SIEM big data platforms or analysis logs from security device such as WAF/IPS/NGFW
• Correlation and traceability analysis of internal and external security incidents