OSINT sources
Learn how Validin ingests OSINT data alongside first-party collection.
OSINT and reputation data provide external context that complements Validin’s first-party DNS, host response, certificate, and registration datasets.
This data is used to associate infrastructure with known threats, research activity, and third-party assessments, allowing analysts to understand why a domain, IP address, or artifact has been referenced by external sources.
Data sources
Validin ingests open source intelligence from a defined set of external sources.
OSINT ingestion focuses on structured threat intelligence frameworks and curated repositories rather than unvetted indicator feeds.
Note: OSINT data is enriched and correlated during ingestion. Indicators are not stored as flat or standalone lists.
External intelligence sources
Threat profiles and OSINT context are derived from the following sources:
- Maltrail
- MITRE ATT&CK
- MISP Galaxy
- ThreatFox
Each source is referenced directly within the platform, with links to the original repository or report where applicable.
Threat profiles
The Threat Profiles menu provides a structured view of named threats, malware families, and campaigns.
The platform maintains over 2,500 named threat profiles covering APT groups, malware families, and attack vectors.
Each profile is mapped directly to artifacts, including:
- Domains
- IP addresses
- Certificates
- Host response artifacts
Threat Profiles aggregate indicators, references, and metadata into a single view.
Reputation data model
Validin’s reputation data is derived from third-party intelligence and documented associations rather than internally generated scoring.
Reputation context reflects:
- Inclusion in open source threat intelligence repositories
- Associations with named threats or malware families
- References in external research and reporting
Validin does not assign proprietary reputation scores to DNS records, name servers, or autonomous systems.
Note: Reputation context is explainable. Analysts can review the underlying sources and references associated with a reputation label.
Domain and IP reputation context
Reputation data is applied to domains and IP addresses based on observed associations within OSINT sources.
Context may include:
- Source references
- Associated threat profiles
- Related indicators and artifacts
- Observed relationships to known campaigns
This approach reduces false positives by grounding reputation in documented observations rather than discretionary scoring systems.
OSINT enrichment and correlation
OSINT data is correlated with Validin’s first-party datasets.
Correlation supports:
- Mapping threat intelligence directly to observed infrastructure
- Linking OSINT indicators to DNS, host response, and certificate data
- Identifying overlap between external intelligence and measured behaviour
OSINT acts as contextual enrichment rather than a replacement for first-party measurement.
Historical OSINT tracking
Validin preserves historical OSINT observations.
Historical data includes:
- First seen timestamps
- Source publication dates
- Changes to indicator associations over time
This enables analysis of how external intelligence and infrastructure evolve together.
Data access in the platform
OSINT and reputation data is exposed in the platform through:
- Threat profile views
- Indicator context panels
- OSINT and reputation tabs
- API access for reputation queries
Updated 27 days ago
