Auth0 Signals is a Threat Intelligence API for developers, cybersecurity analysts, and enterprises that want to know in real-time if an IP address, domain, or email has been flagged as malicious in an open-source intelligence (OSINT) data source, by one of our users, or by information obtained through Auth0.
The automatic data collection processes extract all the information in real-time, keeping the data as up-to-date as possible, saving the user the hassle of regularly extracting and updating all these lists and data.
How it works
Auth0 Signals has an extremely simple and minimalistic REST-style API that gives real-time access to these lists and answers one simple question about a resource:
Is this IP, domain, or email stored in any blacklist?
The answers to this question can be:
- YES: The resource can be found in an abusers’ list. This is a bad resource.
- NO: The resource cannot be found in any abusers’ list. This is a clean resource.
A bad resource would require some kind of action from the developers’ side. A clean resource does not need any action from their side.
What resources are listed?
Several types of resources are covered, and the list will grow over time:
- IP: IP addresses that have been used in abusive activities such as spam, attacks, hacking, and others.
- Domains: Domain names used for email registration, as a source of attacks, and others.
- Emails: Emails used in spam and fraudulent activities.
- IP Geolocation: Access to a geolocation REST API for geolocation activities.
- Autonomous Systems: Look up the Autonomous System and network by IP address or by number.
- Resource History: Historical activity of these resources. Complete access to the history of changes.
- Whois IP data: Database queries over the WHOIS protocol (RFC 3912).