Auth0 Signals is a tool that provides an updated and accurate set of IP addresses, domains, or emails found in various open-source intelligence (OSINT). Thus, users can avoid all the time and effort needed to keep this up-to-date data thanks to this automated process of extracting and updating information.
In Auth0 Signals jargon, each of these data sets is called a ‘blacklist.’ Every time a user asks for an IP address, a domain, or an email, the core of the service performs a lookup to find out which blacklists the resource belongs. Therefore, each query may return none, or one or more, of these blacklists.
The Auth0 Signals API allows quick lookups to determine in a few milliseconds if a resource is in any of the available blacklists. You can see an example in the topic Auth0 Signals for newbies. There are also more advanced queries that perform risk calculations by returning a score based on multiple parameters such as resource history, network information, or geolocation.
For details on the available blacklists you can use the Metadata API, or visit the page available on the old Apility.io site, or click on the blacklist button in the Slack Bot.
The blacklist properties
To find out what each list does, the user can see full detailed information about what kind of list is and how it can help the user.
The information shown in the list details is:
- Why the user should use this list.
- Source site: URL of the website the list was found.
- Items: Current number of items.
- Updated: How often is the list updated.
- Last update: Last time the list was updated.
- Tags: Helper taxonomy to classify what kind of content has the list.
- Sensitivity: A list can contain IP addresses, domains, or emails that can be more or less dangerous. An element with a sensitivity closer to ‘1’ means that it is more hazardous than a sensitivity closer to’ 10’, which usually means that the resource is not very risky or for informative purposes only.