Behavioral Anomaly & Threat Intelligence Network
Batin is a full-spectrum Cyber Threat Intelligence (CTI) and Continuous Threat Exposure Management (CTEM) platform. It unifies blocklist aggregation, APT group tracking, darknet monitoring, DGA detection, OSINT analysis, vulnerability scanning, defacement detection, and real-time threat mapping into a single pane of glass. It integrates with 14+ intelligence sources, including VirusTotal, Shodan, AbuseIPDB, and MISP.
The Problem
Threats Are Everywhere, Visibility Is Nowhere
Security teams drown in disconnected tools, siloed intelligence feeds, and fragmented dashboards. APT campaigns go unnoticed, darknet leaks surface too late, and critical vulnerabilities remain hidden. Without a unified threat intelligence platform, your organization is always one step behind the adversary.
Capabilities
Complete CTI & CTEM Platform
20+ integrated security modules — from Cyber Threat Intelligence (CTI) aggregation to Continuous Threat Exposure Management (CTEM) — in a single unified platform.
Blocklist Aggregator
Aggregates and deduplicates 800K+ malicious domains from 50+ sources. Six output formats (hosts, AdBlock, dnsmasq, Unbound, RPZ, domains), per-tenant whitelisting, confidence scoring, and auto-updated feeds.
DGA Detection
ML-based Domain Generation Algorithm detection with heuristic fallback. Batch analysis of 200+ domains, DGA family classification, hourly trend tracking, and 97%+ accuracy on algorithmically generated C2 domains.
Domain Classification
AI-powered categorization across 40+ categories with risk level assessment. Batch classification, blocklist cross-referencing, popularity detection, and a CortexDNS-optimized endpoint for real-time DNS filtering.
APT Tracking & Threat Map
Database of 33+ APT groups with MITRE ATT&CK mapping, country/sector attribution, and campaign timelines. Real-time threat map with arc, heatmap, flow, and bubble visualizations.
Darknet & Breach Monitoring
Continuous dark web surveillance for data leaks, credential dumps, and ransomware victim tracking. Entity monitoring for domains, emails, and keywords with severity-based alerting and notification delivery.
Threat Intelligence Hub
Unified intelligence lookups for domains, IPs, and URLs across VirusTotal, AbuseIPDB, URLhaus, PhishTank, and AlienVault OTX. Bulk queries, risk scoring, geolocation enrichment, and IOC search.
Website Monitoring & Defacement
Continuous website surveillance with content change detection, screenshot comparison, and defacement risk scoring. Detects malware injection, SEO spam, and unauthorized modifications with baseline tracking.
OSINT Analysis Engine
Comprehensive target reconnaissance: WHOIS data, DNS enumeration, SSL certificate analysis, subdomain discovery, technology fingerprinting, and social media tracking. Generates detailed risk-scored reports.
Global Threat Visualization
Interactive real-time threat map with five visualization modes: arc maps, heatmaps, flow maps, bubble charts, and live attack feeds. Country-level threat details with GeoIP and ASN data.
Security Assessment Suite
Built-in port scanner (65+ ports with banner grabbing), SSL/TLS analyzer, vulnerability scanner (missing headers, exposed paths, CORS issues), subdomain enumerator, and combined security audit tool.
MISP Integration
Native MISP platform integration for bidirectional threat intelligence sharing. Event and attribute management, IOC lookups, feed management, galaxy and taxonomy support, and threat scoring.
Multi-Tenancy & Notifications
Full tenant isolation with RBAC, per-tenant API keys, and audit logging. Multi-channel alerts via Email, Slack, Teams, Telegram, SMS, and webhooks. Scheduled reporting in JSON, PDF, HTML, and CSV.
System Design
Modular Intelligence Architecture
A composable threat intelligence pipeline: every module works independently and feeds into a unified analysis engine.
Collects and normalizes threat data from 50+ sources — OSINT feeds, commercial intel, CERT advisories, and community blocklists — with deduplication and confidence scoring.
Tracks 33+ APT groups with MITRE ATT&CK alignment. Campaign histories, technique profiles, IOC databases, and country/sector attribution.
Automated dark web monitoring and open-source intelligence collection. Breach detection, credential dumps, ransomware tracking, WHOIS, and subdomain discovery.
DGA detection, domain classification, SSL/TLS analysis, port scanning, vulnerability assessment, defacement detection, and behavioral anomaly correlation.
VirusTotal, Shodan, AbuseIPDB, AlienVault OTX, URLhaus, PhishTank, MISP, MaxMind GeoIP, and Certificate Transparency — all unified through a single API.
High-performance async REST API with Redis caching, PostgreSQL persistence, multi-tenant isolation, and a full-featured React dashboard with 14+ pages.
Ecosystem
Batin + CortexDNS
Batin provides the intelligence, CortexDNS enforces it. Together they create an automated threat-to-protection pipeline.
Batin
Threat Intelligence Platform
- Aggregates 50+ threat feeds into unified blocklist
- Tracks APT campaigns with MITRE ATT&CK mapping
- Monitors darknet for breaches and leaks
- Classifies domains across 40+ categories
- Detects DGA, scans vulnerabilities, analyzes OSINT
CortexDNS
Intelligent DNS Security
- Applies Batin blocklists in real-time
- Enforces category-based filtering policies
- Blocks malicious domains at DNS layer
- Logs and analyzes DNS query patterns
- Provides per-client security analytics
Getting Started
How It Works
From deployment to full threat visibility in four steps.
Deploy
Docker Compose deployment with PostgreSQL, Redis, and the API server. Production-ready in minutes with built-in health checks and monitoring.
Aggregate
Batin automatically collects threat data from 50+ feeds, connects to VirusTotal, Shodan, AbuseIPDB, and MISP, and builds a unified intelligence database.
Analyze
DGA detection, domain classification, APT tracking, darknet monitoring, vulnerability scanning, and OSINT analysis run continuously in the background.
Act
Get real-time alerts via Slack, Teams, Telegram, or email. Feed intelligence to CortexDNS, export reports, or query the REST API from your existing security stack.
Use Cases
Built for Security Teams
From SOC analysts to national defense — Batin adapts to any threat landscape and operational scale.
SOC Teams
Centralized threat intelligence dashboard with real-time alerts, IOC management, APT tracking, darknet monitoring, and incident response workflows — all in one platform.
MSSP Providers
Multi-tenant architecture with isolated dashboards, per-tenant API keys, custom blocklists, and white-label reporting. Serve multiple clients from a single deployment.
ISP / Telco
Subscriber-level threat intelligence with CortexDNS integration. Blocklist aggregation, domain classification, and real-time filtering at scale for millions of users.
Government & Defense
APT group tracking with MITRE ATT&CK mapping, darknet intelligence, national threat monitoring, and comprehensive OSINT capabilities for defense-grade operations.
Enterprise Security
Unified threat visibility across your organization: vulnerability scanning, phishing detection, breach monitoring, website defacement alerts, and automated security assessments.
Unified Threat Intelligence Starts Here
Stop juggling disconnected security tools. Aggregate, analyze, and act on threats from a single platform with 20+ integrated security modules.