DarkSonar API Introductory Guide and Response Fields
DarkSonar is a risk metric based on darknet intelligence that measures an organization’s credential exposure on the darknet. It is a relative risk rating that considers the nature, extent and severity of credential leakage on the darknet to give a company a signal that measures its exposure.
The DarkSonar endpoint allows you to retrieve a relative risk rating for a domain, which captures rising or falling cyber risk over time. The rating is based on email exposure, using three kinds of email entities: unique plaintext credentials, unique hashed credentials, and the total volume of unique email addresses with no credentials.
DarkSonar Request Options
When working with the DarkSonar endpoint, the domain parameter is the primary field used, along with the detail parameter.
- detail=rating will return the current rating (numerical value) and its risk interpretation signal (low, elevated, severe).
- detail=full will return the above, plus an array of historical monthly baseline details for the past 24 months. These baseline details are the underlying values from which the current rating and signal are determined. We recommend graphing these values on a timeline for visualization.
DarkSonar Response Fields
| Response field | Field description |
| --- | --- |
| rating | The z-score for the domain, which is calculated based on the past 24 months of baseline ratings for the domain. The z-score indicates the number of standard deviations away from the mean at this point in time. A DarkSonar rating that is trending upwards away from the mean, or over 1 standard deviation from the mean, can be an early warning sign of risk. A null rating is returned when the domain has zero results in the Vision dataset. |
| signal | Interpretation of the rating, based on its proximity to the baseline rating. Note that these are suggested interpretations, based on the number of standard deviations away from the mean: ratings lower than 1 are considered low; ratings equal to or higher than 1 but less than 2 are considered elevated; ratings equal to or higher than 2 are considered severe. |
| date | Date the current rating and signal were calculated. |
| details | A list of objects outlining monthly historical numbers for this domain over the past 24 months. Each entry in the array includes: date: the date at which this baseline and z-score rating were calculated; baseline: the baseline rating, which is measured by credential exposure on the darknet, with considerations for age and uniqueness; rating: the z-score for the domain, which is calculated based on the past 24 months of baseline ratings for the domain and indicates the number of standard deviations away from the mean at this point in time. |
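The Python below is an added example, not part of the DarkSonar documentation or any vendor client. It triages an already-parsed detail=full response using the documented signal thresholds, the null-rating case, and a check for a rating that is trending upwards. The field names come from the table above; the sample values, the ISO date format, the six-month sample length and the min_streak cutoff are assumptions.

```python
from typing import Optional

def signal_for(rating: Optional[float]) -> Optional[str]:
    """Documented thresholds: <1 low, 1 to <2 elevated, >=2 severe."""
    if rating is None:  # null rating: the domain has zero results in the dataset
        return None
    if rating < 1:
        return "low"
    return "elevated" if rating < 2 else "severe"

def rising_streak(details: list) -> int:
    """Count consecutive month-over-month rating increases ending at the newest month."""
    ordered = sorted(details, key=lambda d: d["date"])  # assumes ISO date strings
    ratings = [d["rating"] for d in ordered if d.get("rating") is not None]
    streak = 0
    for i in range(len(ratings) - 1, 0, -1):
        if ratings[i] <= ratings[i - 1]:
            break
        streak += 1
    return streak

def triage(resp: dict, min_streak: int = 3) -> dict:
    """Return the signal and reasons to review; min_streak is an assumed cutoff."""
    rating = resp.get("rating")
    expected = signal_for(rating)
    reasons = []
    if rating is not None and rating >= 1:
        reasons.append(f"rating {rating:.2f} is at or above 1 standard deviation")
    streak = rising_streak(resp.get("details") or [])
    if streak >= min_streak:
        reasons.append(f"rating rose {streak} months in a row")
    sig = resp.get("signal")
    if expected and isinstance(sig, str) and sig.lower() != expected:
        reasons.append("signal field disagrees with the documented thresholds")
    return {"signal": expected, "streak": streak, "review": bool(reasons), "reasons": reasons}

# Constructed sample response, shortened to six months of history.
SAMPLE = {
    "rating": 1.4, "signal": "elevated", "date": "2024-06-01",
    "details": [
        {"date": "2024-01-01", "baseline": 10.0, "rating": -0.6}, {"date": "2024-02-01", "baseline": 11.0, "rating": -0.2},
        {"date": "2024-03-01", "baseline": 12.5, "rating": 0.1}, {"date": "2024-04-01", "baseline": 14.0, "rating": 0.5},
        {"date": "2024-05-01", "baseline": 16.0, "rating": 0.9}, {"date": "2024-06-01", "baseline": 19.0, "rating": 1.4},
    ],
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A null rating yields a signal of None and no review flag, so domains with no results are not mistaken for low-risk or high-risk ones.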