What is Auth0 Signals?

Auth0 Signals is a Threat Intelligence API for developers, cybersecurity analysts, and enterprises that want to know in real-time if an IP address, domain, or email has been flagged as malicious in an open-source intelligence (OSINT) data source, by one of our users, or by information obtained through Auth0.

The automatic data collection processes extract all the information in real-time, keeping the data as up-to-date as possible, saving the user the hassle of regularly extracting and updating all these lists and data.

How it works

Auth0 Signals has an extremely simple and minimalistic REST-style API to access in realtime to these lists and do the following simple question about the resource:

Is this IP, domain, or email stored in any blacklist?

The answers to this question can be:

  • YES: The resource can be found in an abusers’ list. This is a bad resource.
  • NO: The resource cannot be found in any abusers’ list. This is a clean resource.

A bad resource would require some kind of action from the developers’ side. A clean resource does not need any action from their side.

What resources are listed?

There are several different types of resources that will grow in time:

  • IP: IP address that has been used in any abusing activities like spam, attacks, hacking activities and others.
  • Domains: Domain names used as email registration, source of attacks, and others.
  • Emails: Emails used in spam and fraudulent activities.
  • IP Geolocation: For Geolocation activities, access to a Geolocation Rest API.
  • Autonomous Systems: Get the Autonomous System and network by the IP or the number.
  • Resource History: Historical activity of these resources. Complete access to the history of changes.
  • Whois IP data: Database query of RFC 3912 protocol.
1 Like