SPNT

OSINT Intelligence Layer

External context that matters to your environment, delivered continuously.

Most threat intelligence arrives as a feed an analyst must manually correlate with your assets. A CVE is published; an analyst checks whether the vulnerable component is in your stack. A credential leak is reported; an analyst checks whether the email domain matches your organisation.

SPNT's OSINT Intelligence Layer automates this correlation. Every external signal is normalised, matched to the assets in your substrate, and — if a match is found — written as an enrichment event that immediately affects priority scoring, governance evaluation, and reasoning outputs.

Signal sources

Certificate Transparency

Real-time monitoring of CT logs for certificates issued against your domains. A new certificate for your domain triggers an alert; a suspicious certificate triggers enrichment.

Vulnerability Disclosures

Continuous ingestion from NVD, vendor advisories, and the CISA Known Exploited Vulnerabilities catalog. KEV additions immediately re-score related findings.

Credential Exposure

Monitoring for credential leaks affecting your organisation's email domains. Uses k-anonymity hash prefixes — raw email addresses are never transmitted.

Threat Intelligence Feeds

STIX/TAXII and MISP overlay ingestion. Indicators correlated to substrate findings where applicable.

Code Leakage

Monitoring for code, secrets, and configuration files exposed in public repositories and paste sites.

Passive DNS

Historical DNS records for domain reconnaissance and infrastructure mapping.

What correlation looks like

When a new KEV entry is published:

  1. The OSINT layer ingests the entry and extracts the CVE identifier.
  2. The layer queries the substrate for findings with matching CVE identifiers.
  3. For each match, an enrichment event is written to the finding's record.
  4. The priority score for each matched finding recalculates — KEV status significantly increases priority.
  5. The governance module re-evaluates obligations affected by the now-higher-priority finding.
  6. The decision intelligence layer includes the enrichment in the next Operational Digest.

This process completes within minutes of the KEV publication. No analyst needs to be in the loop for the initial correlation.

Tier availability

The OSINT Intelligence Layer is available on Commercial, Enterprise, and Sovereign tiers.

See OSINT correlation in action

A demonstration showing a new threat-intelligence signal arriving and automatically updating priority scores across related findings.

Schedule a technical reviewNext: Operational Telemetry