Frequently Asked Questions

SOS Intelligence provides Threat Intelligence services through curated OSINT feed collection and dark web indexing and monitoring. We offer real time breach alerting, digital risk and reputation monitoring and a comprehensive API toolkit for threat hunting.

You can start with a free plan for monitoring the email address you sign up with.

 
Our service monitors the typical channels used by those who obtain and share these leaks and we strive to ingest relevant databases into our index. 

If your email address is found in any of our ingested data you will receive an alert with the source information (i.e. all the relevant information that was ingested, this could be your email address, hashed password or plaintext password as was stored in the leaked information).

Why do companies need this?

Using our bespoke collection processors,  we automate the collection of, for example: forum posts, or pastes and process these documents checking them against our customer keyword library.

Any matches are stored and index with an alert issued to the relevant customer. A similar method is used for the DarkWeb where we crawl and index onion webpages.

We also use all of our existing OSINT feeds to find new onion domains, so some of the DarkWeb pages we have in our index may never have been linked to on the DarkWeb.

We are therefore able to continue to grow our index size beyond simply relying on crawling. 
Customer keywords are never (with the exception of Twitter) passed to a 3rd party or exposed to a 3rd party collection source. We strive to maintain customer OPSEC. 

For companies and individuals we offer a set series of plans.

Starting from £180 (inc. VAT) per month for our Security Researcher Plan, £300 (inc. VAT) per month for Pro, (ideal for an SME) and from £1,800 (inc. VAT) per month for our Enterprise plan, ideal for larger organisations with dedicated security teams who may befit from our APIs and additional features.

We also offer commercial MSSP plans for any managed security provider who wants a “turnkey” TI / Breach Monitoring Service. Our pricing is extremely competitive and we welcome any inquires please contact [email protected] for more information.

Yes. We apply a 20% discount for annual plans. Sign up here.

SOS Intelligence is a new company backed by one of most trusted names in finance. The technology and software was originally developed internally and it soon became apparent that every person, organisation and business could be empowered by having this service.

Check out our article on How Does The Dark Web Work? Where we answer this question. Click here. 

We’ve tried to make our service as easy to use as possible. Once you’ve signed up and enrolled your account you can log into our customer portal to get started.

You can add one or more keywords for real time alerting and then set a specific notification method if needed. 
Your keywords will be processed and set to real time alerting by our system. Any matching content will show up in the alerts section of our customer portal and may trigger your chosen notification method. 

We offer a number of notification methods. For all our plans we offer Email, Slack and Pager Duty as notification methods, for Pro and Enterprise we also offer SMS. 

Keywords can trigger specific notification methods, for example if a particular team or individual in your organisation is the only one interested if a specific keyword triggers an alert then they can be set as an email notification recipient (or a distribution email address).

Security breaches are unfortunately all too frequent.

It is now a common, almost monthly occurrence where we see a community forum or ecommerce website been breached and information stolen. With large newsworthy breaches happening at least once a year they overshadow a lot of the smaller data breaches, of which some carry potentially worrying consequences such as medical, insurance and other financial information leaked beyond that of just a username and password.
The reason for them?

Well that’s as complex and varied as the breaches themselves to explain!

You should log into our customer portal and either click on the Alert Bell from the dashboard or click on the Alerts submenu review the alert that you’ve received.

Once the alert has been reviewed you may review it by clicking thumbs up or down (providing a reason for the thumbs down, this helps us greatly) and you may then click the tick to indicate this alert has been acknowledged. 

So that you may take action!

Either by changing any breached passwords or for additional awareness of what service and or email address has been impacted by the breach as this email address may be subject to increased spam, phishing and other types of potential risks. 

We provide a set of generic asset types these are:

– Email Domain 
– Domain Name 
– IP Address

We also permit the use of “Free text”. 

Keywords can be in any language and we support multi-language scripts (Cyrillic, Hebrew, Arabic etc). We recommend setting a helpful Keyword Label so that any future alerts can be easily referenced to the keyword used. 

Free Plan 
Gives you free breach monitoring against the email address you’ve used to sign up with. 

Security Researcher Plan 
A plan designed around the needs of a Threat Hunter or Security Researcher individual who can benefit from access to our DARKMAP, DARKSEARCH and OSINTSEARCH features as well as our comprehensive API Tookit. The plan also offers a 2 keyword real time alerting limit. 

Pro Plan 
Ideal for small to medium sized organisations with a smaller IT/Security Team who just need peace of mind that your keywords subscribed with us will benefit from real time monitoring. You get a 10 keyword limit and access to product support. 

Enterprise Plan 
Perfect for organisation with a requirement for retrospective search, API access or more than 10 real time alerting keywords. 
With this plan you may have additional accounts access our customer portal, access to our API toolkit, alert against our Twitter feed collection and request access to custom feed development, custom alerting integration (subject to additional fees) 

MSSP (Managed Security Providers Plan)
Our commercial ‘turnkey’ solution for Managed Security Providers who wish to add a Threat Intel / Breach Alerting service to their existing portfolio and customer base.

We offer bespoke MSSP features for customer dashboards, bulk keyword management, customer alerting interface, APIs and more. Part of the commercial use license goes towards development of any ticketing/SOC integration requirements.

We have a strong focus on customer security and our customer’s operational security. Our platform is built on the maxim of maintaining OPSEC.

We therefore never reveal your keyword to the source we are monitoring (other than Twitter due to their Firehose API requirements).

With our DARKSEARCH tool, all data is crawled anonymously and your searches and content is local to SOS Intel only. We also generate screen-grabs, on demand anonymously and display that data, encoded and encrypted to you dynamically for the duration of that screenshot session being open only. Never revealing your own browser information.

Keywords stored in our index and collection ingestion platform are referenced only by a unique keyword ID, this means multiple customers may have the same keyword but are always separated across our system – further this helps keep your anonymity in our system unless of course the keyword itself reveals your company name. 

Our customer portal website and APIs are penetration tested annually. 

One Month for all other than our commercial MSSP plan.

No, we see no value to having an additional analyst service once you receive the report of your email or domain or keyword on the Dark Web.

Domain spoofing occurs when an attacker appears to use a company or organisation’s domain to impersonate them or in some cases, one an employee.

The domain is often *very* similar to the real one, only differing slightly in the url and looking almost identical in terms of look / design / branding.

These spoof sites are there to trick users in thinking it’s a legitimate site and commonly capturing the information they then put in such as usernames and of course passwords.

Hence monitoring for these websites is absolutely critical.

OSINT (Open Source Intelligence) is any information available in the public domain.

OSINT items typically are accessible from the world wide web and the public data sources we collect and gather intelligence from are typically associated with nefarious activity and data leakage.

We have created a number of bespoke OSINT collection feeds to gather items from these sources.

Open Source Intelligence is the term given to any piece of information that is obtainable through open source means. Monitoring of that collected information, with the option of alerting against matching keywords is essentially the service we provide.

More for bigger company with a dedicated cyber team, who would want to do a deeper dive into what has happened and what accounts have been comprised, see source record and source material, what passwords or records have been exposed.

What is the new Source Library?