Edgewatch identifies whether an internet-facing service is CDN-fronted and/or WAF-protected as part of every scan. By default we use safe, passive techniques (DNS, IP ranges/ASN, HTTP headers, and TLS hints). We do not run heavy exploit attempts against Cloudflare or…
Trends highlights activity around threat-intel tags (actors, tools, CVEs) detected by Edgewatch, using a signature-based approach to surface what’s moving now across our collections. Use it to spot spikes, anomalies, and newly active items before they hit your incidents queue.…
Edgewatch Threat Intelligence Feeds are ready-to-use IoC lists curated from our first-hand collections (global honeypots and direct internet telemetry). They’re designed for quick deployment into SIEM/SOAR, firewalls, TIPs, and blocklist consumers—no third-party dependence. Public feeds are linked from the CTI…
Edgewatch Cyber Threat Intelligence (CTI) delivers real-time, first-hand indicators and context from a global honeypot network, exposed via a REST API and STIX/TAXII 2.1 feeds. Use it to enrich SIEM/SOAR workflows, blocklists, and investigations with high-fidelity IOCs (IPs, hostnames, URLs,…
The Edgewatch WHMCS API Partner Module lets MSPs and hosters manage and fully automate customer enrollment and provisioning while bringing External Attack Surface Management (EASM) right into WHMCS: map products to Edgewatch plans, auto-create tenants on order/upgrade, sync usage and…
We’re excited to share that Edgewatch will be attending MSP Global 2025 as a gold sponsor. And as a proud partner a part of the Acronis Technology Ecosystem, we’re looking forward to participating in this premier MSP-focused event taking place…
The Edgewatch MCP Server provides developers with programmatic access to two IP intelligence tools: getInsight, which delivers contextual analysis of an IP, and getExplorer, which lists observed hostnames and open ports. Access is authenticated via client credentials (client-id, client-secret), and the service supports both Streamable HTTP and SSE transports. SDK integration with schema validation (Zod) is recommended for safe request/response handling, while simple curl queries are also supported.
REST API application for credential search and breach data analysis. It provides comprehensive search capabilities across multiple data sources including Credshed, Twitter, and various breach incident collections. The API supports dual authentication systems for different client types and includes advanced…
The Edgewatch Domain Intelligence API offers enriched passive DNS, RDAP, and infrastructure data to support threat detection, domain attribution, and cyber investigations. Track historical DNS records, registrar metadata, and name server relationships to uncover malicious activity and map global domain…
Edgewatch’s Breachspot continuously monitors public databases, online criminal forums, and data markets for compromised information. The data collected is enriched with context, and sensitive information —such as hashed passwords— can be decoded and indexed for further investigation. We group data…