Customer portal

Frequently Asked Questions

We realise you may have a lot of questions, so please browse below… or why not book a demo and speak to someone?

Book a demo

What does SOS Intelligence do?

SOS Intelligence provides Threat Intelligence services through curated OSINT feed collection and dark web indexing and monitoring. We offer real time breach alerting, digital risk and reputation monitoring and a comprehensive API toolkit for threat hunting.

You can start with a free plan for monitoring the email address you sign up with.

Why do individuals need this?
It is an established sad fact that one or more online services you may have signed up to will or have already been breached and the user database extracted. This database is sold or shared on hacking forums.

Our service monitors the typical channels used by those who obtain and share these leaks and we strive to ingest relevant databases into our index. 

If your email address is found in any of our ingested data you will receive an alert with the source information (i.e. all the relevant information that was ingested, this could be your email address, hashed password or plaintext password as was stored in the leaked information).

Why do companies need this?

Any company that values the information it holds about itself, their customers and their employees should be monitoring the Dark Web. Every cyber security team can get huge value from SOS Intelligence.
How does it work?

Using our bespoke collection processors,  we automate the collection of, for example: forum posts, or pastes and process these documents checking them against our customer keyword library.

Any matches are stored and index with an alert issued to the relevant customer. A similar method is used for the DarkWeb where we crawl and index onion webpages.

We also use all of our existing OSINT feeds to find new onion domains, so some of the DarkWeb pages we have in our index may never have been linked to on the DarkWeb.

We are therefore able to continue to grow our index size beyond simply relying on crawling. 
Customer keywords are never (with the exception of Twitter) passed to a 3rd party or exposed to a 3rd party collection source. We strive to maintain customer OPSEC. 

What does it cost?

For companies and individuals we offer a set series of plans.

Starting from £180 (inc. VAT) per month for our Security Researcher Plan, £300 (inc. VAT) per month for Pro, (ideal for an SME) and from £1,800 (inc. VAT) per month for our Enterprise plan, ideal for larger organisations with dedicated security teams who may befit from our APIs and additional features.

We also offer commercial MSSP plans for any managed security provider who wants a “turnkey” TI / Breach Monitoring Service. Our pricing is extremely competitive and we welcome any inquires please contact [email protected] for more information.

Is there an annual discount?

Yes. We apply a 20% discount for annual plans. Sign up here.

Who is behind SOS Intelligence?

SOS Intelligence is a new company backed by one of most trusted names in finance. The technology and software was originally developed internally and it soon became apparent that every person, organisation and business could be empowered by having this service.

What is the Dark Web?

Check out our article on How Does The Dark Web Work? Where we answer this question. Click here. 

How easy is it to use?

We’ve tried to make our service as easy to use as possible. Once you’ve signed up and enrolled your account you can log into our customer portal to get started.

You can add one or more keywords for real time alerting and then set a specific notification method if needed. 
Your keywords will be processed and set to real time alerting by our system. Any matching content will show up in the alerts section of our customer portal and may trigger your chosen notification method. 

How am I alerted to threats?

We offer a number of notification methods. For all our plans we offer Email, Slack and Pager Duty as notification methods, for Pro and Enterprise we also offer SMS. 

Keywords can trigger specific notification methods, for example if a particular team or individual in your organisation is the only one interested if a specific keyword triggers an alert then they can be set as an email notification recipient (or a distribution email address).

How common are security breaches?

Security breaches are unfortunately all too frequent.

It is now a common, almost monthly occurrence where we see a community forum or ecommerce website been breached and information stolen. With large newsworthy breaches happening at least once a year they overshadow a lot of the smaller data breaches, of which some carry potentially worrying consequences such as medical, insurance and other financial information leaked beyond that of just a username and password.
The reason for them?

Well that’s as complex and varied as the breaches themselves to explain!

What happens when I get an alert? What should I do next?

You should log into our customer portal and either click on the Alert Bell from the dashboard or click on the Alerts submenu review the alert that you’ve received.

Once the alert has been reviewed you may review it by clicking thumbs up or down (providing a reason for the thumbs down, this helps us greatly) and you may then click the tick to indicate this alert has been acknowledged. 

Why is it important to know when there has been a breach?

So that you may take action!

Either by changing any breached passwords or for additional awareness of what service and or email address has been impacted by the breach as this email address may be subject to increased spam, phishing and other types of potential risks. 

What can I monitor?

We provide a set of generic asset types these are:

– Email Domain 
– Domain Name 
– IP Address

We also permit the use of “Free text”. 

Keywords can be in any language and we support multi-language scripts (Cyrillic, Hebrew, Arabic etc). We recommend setting a helpful Keyword Label so that any future alerts can be easily referenced to the keyword used. 

What are the main differences between plans?

Free Plan 
Gives you free breach monitoring against the email address you’ve used to sign up with. 

Security Researcher Plan 

A plan designed around the needs of a Threat Hunter or Security Researcher individual who can benefit from access to our DARKMAP, DARKSEARCH and OSINTSEARCH features as well as our comprehensive API Tookit. The plan also offers a 2 keyword real time alerting limit. 

Pro Plan 
Ideal for small to medium sized organisations with a smaller IT/Security Team who just need peace of mind that your keywords subscribed with us will benefit from real time monitoring. You get a 10 keyword limit and access to product support. 

Enterprise Plan 
Perfect for organisation with a requirement for retrospective search, API access or more than 10 real time alerting keywords. 
With this plan you may have additional accounts access our customer portal, access to our API toolkit, alert against our Twitter feed collection and request access to custom feed development, custom alerting integration (subject to additional fees) 

MSSP (Managed Security Providers Plan)
Our commercial ‘turnkey’ solution for Managed Security Providers who wish to add a Threat Intel / Breach Alerting service to their existing portfolio and customer base.

We offer bespoke MSSP features for customer dashboards, bulk keyword management, customer alerting interface, APIs and more. Part of the commercial use license goes towards development of any ticketing/SOC integration requirements.

Why should I trust you?

We have a strong focus on customer security and our customer’s operational security. Our platform is built on the maxim of maintaining OPSEC.

We therefore never reveal your keyword to the source we are monitoring (other than Twitter due to their Firehose API requirements).

With our DARKSEARCH tool, all data is crawled anonymously and your searches and content is local to SOS Intel only. We also generate screen-grabs, on demand anonymously and display that data, encoded and encrypted to you dynamically for the duration of that screenshot session being open only. Never revealing your own browser information.

Keywords stored in our index and collection ingestion platform are referenced only by a unique keyword ID, this means multiple customers may have the same keyword but are always separated across our system – further this helps keep your anonymity in our system unless of course the keyword itself reveals your company name. 

Our customer portal website and APIs are penetration tested annually. 

What is the minimum term?

One Month for all other than our commercial MSSP plan.

Do you offer analyst support?

No, we see no value to having an additional analyst service once you receive the report of your email or domain or keyword on the Dark Web.

What is Spoof domain monitoring?

Domain spoofing occurs when an attacker appears to use a company or organisation’s domain to impersonate them or in some cases, one an employee.

The domain is often *very* similar to the real one, only differing slightly in the url and looking almost identical in terms of look / design / branding.

These spoof sites are there to trick users in thinking it’s a legitimate site and commonly capturing the information they then put in such as usernames and of course passwords.

Hence monitoring for these websites is absolutely critical.

What is OSINT?

OSINT (Open Source Intelligence) is any information available in the public domain.

OSINT items typically are accessible from the world wide web and the public data sources we collect and gather intelligence from are typically associated with nefarious activity and data leakage.

We have created a number of bespoke OSINT collection feeds to gather items from these sources.

What is OSINT monitoring and alerting?

Open Source Intelligence is the term given to any piece of information that is obtainable through open source means. Monitoring of that collected information, with the option of alerting against matching keywords is essentially the service we provide.

Who is the Enterprise plan for?

More for bigger company with a dedicated cyber team, who would want to do a deeper dive into what has happened and what accounts have been comprised, see source record and source material, what passwords or records have been exposed.

What is the new Source Library?

The Source Library aims to provide customers with additional context and information about the sources being monitored, as well as specific alerts generated.

You can watch a webinar we did on this here.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from - Youtube
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound