Enhancing Threat Intelligence Operations
Criminal IP has partnered with Securonix to integrate its Threat Intelligence into ThreatQ, allowing organizations to incorporate external IP intelligence into their existing workflows. This integration enables security teams to accelerate analysis and response with more actionable context.
Unlike traditional intelligence feeds, Criminal IP provides visibility into how assets and infrastructure are exposed across the internet. By embedding this data into ThreatQ, organizations can incorporate real-world context into investigations without disrupting existing processes.
Automated Intelligence Enrichment at Scale
Within the integrated environment, Criminal IP's threat intelligence APIs automatically enrich incoming IP indicators in ThreatQ with contextual data such as maliciousness scoring, VPN and proxy detection, remote access exposure, open ports, and known vulnerabilities.
Powered by ThreatQ's data-driven orchestration engine, organizations can configure automated workflows that continuously evaluate incoming indicators against Criminal IP's threat database. This ensures that threat context remains current without requiring manual analyst effort, supporting faster triage and more consistent prioritization.
Integrating Criminal IP Intelligence into ThreatQ Workflows
Organizations can integrate Criminal IP's exposure-based threat intelligence into ThreatQ to enrich IP indicators with real-time context. Analysts can then access Criminal IP intelligence directly within the ThreatQ interface and validate suspicious IP activity in real time without switching tools.
By combining exposure data with infrastructure-level insights, teams can assess risk more effectively within their existing workflows. Analysts can also perform on-demand Criminal IP lookups directly from indicator detail views or investigation boards, providing immediate access to additional context during active investigations.
Intelligence-Driven Prioritization and Response
Criminal IP enrichment integrated within the ThreatQ Orchestrator enables automated ingestion and filtering of exposure-based IP intelligence directly into analysis workflows. By integrating Criminal IP's intelligence into ThreatQ's scoring framework, organizations can align risk evaluation with their specific operational environment.
This enables more precise prioritization and supports more effective decision-making during investigations. Enriched data can also be visualized through dashboards, providing clearer visibility into maliciousness trends, VPN usage, and risk distribution across indicators.
Expanding Visibility with Exposure Intelligence
The integration highlights the growing importance of exposure-based intelligence in modern threat analysis. By continuously monitoring and analyzing internet-facing assets and IP infrastructure, Criminal IP provides differentiated visibility that extends beyond traditional indicator-based approaches.
“This integration enables organizations to bring IP reputation and exposure intelligence directly into the ThreatQ platform, supporting faster analysis and more effective response throughout the investigation lifecycle,” said Byungtak Kang, CEO of Criminal IP.
“By integrating our intelligence into existing workflows, security teams can improve visibility and make more informed decisions without adding operational complexity.”
“This collaboration strengthens the role of IP intelligence at critical points of investigation and decision-making,” said Scott Sampson, Chief Revenue Officer, Securonix. “By combining ThreatQ's orchestration and prioritization capabilities with Criminal IP's real-time threat data, organizations can accelerate enrichment processes, reduce manual workloads, and focus on the most relevant threats within their environment.”
About Criminal IP and Securonix
Criminal IP is a cyber threat intelligence solution operated by AI SPERA that provides decision-ready IP address and domain reputation data to security teams worldwide. Securonix is transforming security operations with the industry's first Unified Defense SIEM with Agentic AI, built to decide and act across the threat lifecycle with a human-in-the-loop philosophy.
- Criminal IP aggregates and contextualizes threat signals across IPs, domains, URLs, and attack infrastructure, covering malicious indicators, known vulnerabilities, exposed assets, and attacker behavior.
- Securonix delivers accountable, outcome-driven security operations at scale, recognized as a Leader in the Gartner Magic Quadrant for SIEM and a Customers' Choice by Gartner Peer Insights.
Source: BleepingComputer