FullHunt released the OEM Intelligence API to enable seamless integration of attack surface intelligence into security platforms.
Introducing FullHunt’s OEM Intelligence API for Security Platforms
Today, we’re excited to announce the launch of FullHunt’s OEM Intelligence API, a new offering that allows security platforms and service providers to integrate FullHunt’s dark web monitoring and attack surface intelligence directly into their own products. This initiative is a game-changer for MSSPs, XDR and SIEM vendors, GRC platforms, and any enterprise security solution provider looking to augment their platform with rich security insights. With the OEM API, FullHunt essentially becomes your “intel engine” in the backend, powering your features with our data. FullHunt is rolling out OEM APIs to let you “integrate FullHunt’s discovery and vulnerability scanning into your own security platform,” offering your users a seamless extension of FullHunt’s attack surface management (ASM) datasets within your product.
What Does the OEM Intelligence API Include?
The OEM Intelligence API encompasses three primary endpoints, each corresponding to a core FullHunt intelligence service:
Attack Surface Search API
This endpoint allows you to query FullHunt’s external asset database for information on a given target domain. Essentially, it performs an attack surface enumeration – returning data on all subdomains and hosts related to the domain, along with metadata about each host (open ports, running services, technologies, SSL certificates, and more). Think of it as instantly running an internet-wide scan for your target, but with one API call. For example, if integrated into a security platform, a user who enters their company domain on your interface could receive within seconds a full list of discovered assets: vpn.acme.com, mail.acme.com, dev.acme.com, etc., each with IP addresses and details like “this host is running nginx on port 443 with a certificate for *.acme.com, and has an HTTP title ‘Acme Corp – Login’”. FullHunt’s scanning engine constantly discovers and refreshes this data, so your platform leverages a living, up-to-date inventory. Use cases include continuous attack surface monitoring (alert when a new subdomain appears or an open port is found), asset inventory for IT/security teams, or even feeding this info into a vulnerability scanner or SOC automation. The key value is that your users gain immediate visibility into their external footprint without running separate scans – it’s all integrated into your product workflow. You can also automate actions like creating tickets for newly exposed services or unsafe configurations detected via the data.
Organizations Search API
This endpoint provides organization intelligence, essentially a knowledge base of company information and security-relevant facts. When integrated, it enables your platform to retrieve a profile of any organization by name or domain. The response includes company details (official name, industry, size, headquarters) and importantly, known security incidents (breaches) and related entities (subsidiaries, parent company, etc.). For a practical example, imagine a third-party risk management module in your GRC software: when onboarding a new vendor, you could call this API to automatically fill in the vendor’s profile and flag if that company has a history of breaches or cybersecurity incidents. Similarly, a threat intelligence platform might use it to enrich context around targets or adversaries (e.g. pulling up info on a company that a threat actor claims to have breached). All of this with one query. It adds a layer of situational awareness that can greatly aid decision-making in security operations and risk assessment. From a technical standpoint, this API is straightforward to use and the returned JSON is well-structured, so parsing out fields like estimated_employee_count or notable_breaches is trivial.
Dark Web Search API
This endpoint gives your platform direct access to FullHunt’s dark web and breach intelligence database. You can search for compromised credentials and sensitive data exposures using a variety of identifiers. For example, you can query by an email address to find if that email (or accounts associated with it) have appeared in any data breaches, or search by a company domain to retrieve all credential leaks related to that organization. FullHunt’s dataset covers credentials and personal info leaked on underground forums, paste sites, dark web marketplaces, and public breach dumps. The API returns detailed records including exposed usernames, passwords (hashed or plaintext), names, contact info, and the source of the breach. By integrating this, an MSSP or XDR platform could automatically enrich an alert (e.g. “user account suspicious login”) with a check against dark web data – “has this user’s password been leaked online?” – and immediately inform the analyst or end-customer if a compromise is found. It’s a powerful addition to threat intelligence feeds for incident response and identity protection. And because the search can be parameterized by different fields (username, IP, password, etc.), creative use cases abound – you might even integrate it into your vulnerability management workflow to see if any known exploits (by CVE) or specific indicators have associated leaked data. The possibilities for proactive threat hunting are huge.
All three APIs support an optional query_tags in the request, letting you attach metadata (like a customer ID or use-case tag) to each query for your own tracking. The responses also include metadata such as timestamps and result counts. Crucially, every request is authenticated with your API key and logged on FullHunt’s side, providing traceability (FullHunt maintains audit logs for the OEM API usage). This means you can monitor how your integration is being used and ensure it’s in line with any usage quotas or compliance needs.
Integration Examples & Workflows
To illustrate how the OEM Intelligence API can be leveraged in real-world scenarios, let’s walk through a few example workflows that a security vendor might implement:
Continuous Attack Surface Monitoring (MSSP platform)
If you’re an MSSP managing dozens of clients, you can integrate the Attack Surface API to run on a schedule (say nightly or weekly) for each client’s domain. Each run fetches the latest external asset list. You can then automatically compare it to the last known list and detect changes. New host discovered? Your platform can raise an alert or open a ticket in the client’s queue: “A new subdomain ‘staging.acme.com’ was detected this week, pointing to an IP in AWS – please verify if this is expected.” Likewise, if a previously seen host now has an open port 22 exposed where it didn’t before, that could indicate a security change worth investigating. Essentially, FullHunt’s data becomes the eyes on the outside of each client’s network, and your platform acts as the brain to decide what to do with that data. Multi-tenant tagging ensures each domain’s results are tracked to the right client. The outcome is a value-add service: Attack Surface Monitoring as a Service, powered by FullHunt in the backend but delivered through your operations.
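The compare-to-last-run step described above, as an added example (not FullHunt's code): it diffs two asset snapshots for one tenant and reports new hosts, removed hosts and newly open ports. The `{"host", "ports"}` record shape, the function names and the sample data are assumptions made for this example; the page does not show the API's response schema.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Change:
    tenant: str       # client the snapshot belongs to (multi-tenant tagging)
    kind: str         # "new_host", "removed_host" or "new_port"
    host: str
    detail: str = ""


def normalize(records):
    """Collapse host records into {hostname: set(ports)}.

    Hostnames are lower-cased and a trailing dot is stripped, so that
    'VPN.acme.com.' and 'vpn.acme.com' are not reported as different hosts.
    """
    inventory = {}
    for rec in records:
        host = rec["host"].strip().rstrip(".").lower()
        inventory.setdefault(host, set()).update(int(p) for p in rec.get("ports", []))
    return inventory


def diff_snapshots(tenant, previous, current):
    """Return the changes between the last known snapshot and the current one."""
    if previous is None:
        return []  # first run only establishes the baseline, no alert flood
    prev, cur = normalize(previous), normalize(current)
    changes = []
    for host in sorted(cur.keys() - prev.keys()):
        ports = ",".join(str(p) for p in sorted(cur[host]))
        changes.append(Change(tenant, "new_host", host, f"ports={ports}"))
    for host in sorted(prev.keys() - cur.keys()):
        changes.append(Change(tenant, "removed_host", host))
    for host in sorted(cur.keys() & prev.keys()):
        for port in sorted(cur[host] - prev[host]):
            changes.append(Change(tenant, "new_port", host, f"port={port}"))
    return changes


# Constructed sample snapshots (assumed record shape, not real API output).
LAST_WEEK = [{"host": "vpn.acme.com", "ports": [443]},
             {"host": "mail.acme.com", "ports": [25, 443]},
             {"host": "dev.acme.com", "ports": [443]}]
THIS_WEEK = [{"host": "VPN.acme.com.", "ports": [443, 22]},
             {"host": "mail.acme.com", "ports": [25, 443]},
             {"host": "staging.acme.com", "ports": [443]}]

if __name__ == "__main__":
    for c in diff_snapshots("ACME Corp", LAST_WEEK, THIS_WEEK):
        print(f"[{c.tenant}] {c.kind}: {c.host} {c.detail}".rstrip())
```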
Third-Party Risk Assessment (GRC workflow)
In a GRC or vendor risk management application, assessing a new partner or vendor often requires gathering information about that organization’s size, industry, and any past breaches. By integrating the Organizations Search API, your platform can auto-populate these details. For example, when a user enters a vendor name, your system calls the API and fills out: Company X, ~1,200 employees, HQ in London, sector = Healthcare. It might also display a highlight: “Security incidents: 1 – Data breach in 2019 exposing 200k patient records.” This equips the risk assessor with instant context, prompting deeper questions or controls if needed. It saves hours of manual research per vendor. Additionally, if you maintain a dashboard of all critical suppliers, you could periodically re-check each via the API to catch any newly reported breaches (e.g. if one of your suppliers gets hacked and it’s noted in the data, you’d want to know ASAP). This integration turns FullHunt’s intel into a proactive risk monitoring tool within your product.
Product Contextualization (Security Analytics platform)
Imagine a security analytics platform that investigates threats across multiple companies. When an analyst is looking at a particular threat actor or campaign, they might have a list of target organizations. Using FullHunt’s APIs, the platform can provide one-click context: For each organization, fetch their profile (Org API) to see what that company does, and fetch their attack surface summary (Attack Surface API) to see what infrastructure they have exposed. This can help the analyst understand why that threat actor might be interested (e.g. targeting all fintech companies with open Jenkins servers). It’s an enrichment step that adds narrative and depth to threat intelligence reporting.
These examples scratch the surface of what’s possible. The flexibility of FullHunt’s OEM API means if you can think of a security use-case involving external intelligence, you can likely implement it with a bit of API glue. From augmenting vulnerability scanners with external context, to feeding SOC runbooks, to enhancing security ratings, the integration potential is vast.
Breach Alert Enrichment (XDR/SIEM)
Suppose your XDR platform generates an alert for unusual activity on an admin user account. Through the FullHunt OEM integration, your platform can automatically query the Dark Web API for that user’s email as soon as the alert triggers. If the API returns that this email appears in a recent credential dump with a known password, your platform could attach a note to the alert: “Credentials for this user were found in a 2024 breach (password: Password123).” This gives the analyst immediate insight that the account may be compromised due to password reuse. Your platform could even automate a higher severity rating or prompt an on-demand password reset workflow. All of this happens seamlessly — the analyst doesn’t have to pivot to an external breach-check service; the intelligence is injected right into the alert timeline. Over time, such enrichment dramatically improves incident response by adding context. It also adds value for your customers, as they get proactive breach notification embedded in your service.
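The enrichment step described above, as an added example (not FullHunt's code): it matches leak records to the alerted user, raises severity and queues a password reset. The alert and record field names and the sample data are assumptions, since the page does not show the response schema, and masking the leaked password in the note rather than copying it verbatim is a choice made in this example.

```python
import copy

SEVERITY_ORDER = ["low", "medium", "high", "critical"]


def mask_secret(value):
    """Keep only the first character and the length of a leaked secret."""
    if not value:
        return "(empty)"
    return value[0] + "*" * (len(value) - 1)


def raise_severity(current, floor):
    """Return the higher of the two severities; never lowers an alert."""
    return max(current, floor, key=SEVERITY_ORDER.index)


def enrich_alert(alert, leak_records):
    """Return a copy of the alert annotated with matching breach records."""
    enriched = copy.deepcopy(alert)
    enriched.setdefault("notes", [])
    enriched["actions"] = []
    user = alert["user_email"].strip().lower()
    # Match case-insensitively: breach dumps rarely preserve original casing.
    hits = [r for r in leak_records if r.get("email", "").strip().lower() == user]
    enriched["breach_hits"] = len(hits)
    for rec in hits:
        if rec.get("password_type") == "plaintext":
            shown = mask_secret(rec.get("password", ""))
            enriched["severity"] = raise_severity(enriched["severity"], "critical")
            if "force_password_reset" not in enriched["actions"]:
                enriched["actions"].append("force_password_reset")
        else:
            shown = "hashed"
            enriched["severity"] = raise_severity(enriched["severity"], "high")
        enriched["notes"].append(
            f"Credentials for {user} found in {rec['source']} ({rec['year']}); "
            f"password: {shown}")
    return enriched


# Constructed sample alert and leak records (assumed field names).
ALERT = {"id": "A-1001", "user_email": "Admin@acme.com", "severity": "medium"}
LEAKS = [
    {"email": "admin@acme.com", "password": "Password123",
     "password_type": "plaintext", "source": "constructed-dump", "year": 2024},
    {"email": "other@acme.com", "password": "5f4dcc3b", "password_type": "hashed",
     "source": "constructed-dump", "year": 2021},
]

if __name__ == "__main__":
    print(enrich_alert(ALERT, LEAKS))
```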
Example of FullHunt’s data in action: Through the OEM Attack Surface API, you can retrieve this attack surface data (thousands of subdomains and hosts for a given domain, complete with IPs and metadata) in JSON format and integrate it into your own tools. In practice, this means within your platform, a client could enter a domain like “acme.com” and get an instant inventory of results just like the list shown above – enabling proactive management of external assets and exposures.
Seamless Integration and Support
Getting started with the FullHunt OEM Intelligence API is designed to be developer-friendly. If you’re familiar with RESTful APIs and JSON, you’ll find FullHunt’s API straightforward. You authenticate with an API key via a header, and then send POST requests to specific endpoints under the /api/v1/oem/ path for the features described. FullHunt’s documentation site provides copy-pastable curl examples for each endpoint, making initial testing a breeze. For instance, to search the attack surface data for a domain, you’d use an HTTP POST to /oem/atack-surface/search with a JSON body like:
{
"type": "domain",
"query": "acme.com",
"query_tags": {"client": "ACME Corp"}
}
And you’d receive back a JSON response containing an array of all matching leaked records related to “acme.com”. The patterns are similar for the other endpoints (with slight differences in required fields), so once you integrate one, adding the others is intuitive.
FullHunt also ensures that OEM partners have the support they need. When you come on board as an OEM partner, you will coordinate with FullHunt’s team to get your API key provisioned with the proper access. Typically, this involves contacting FullHunt sales or support – as noted in the documentation, OEM access is enabled for partners by request. After that, you’re free to integrate and test. During integration, if you have questions, FullHunt’s technical support is available. They can help with optimizing queries, understanding the data schema, or troubleshooting any issues. Additionally, because OEM integrations can be complex, FullHunt is open to feedback – if you need a certain feature or data point exposed via the API to support your use case, we can accommodate it or put it on the roadmap.
On the operational side, FullHunt’s OEM API comes with built-in user credit management and audit logs for queries.
Ready to Unlock FullHunt Intelligence in Your Platform?
The FullHunt OEM Intelligence API represents a bold step towards collaborative innovation in cybersecurity. By opening up our intelligence via OEM channels, we aim to empower other security providers to deliver better outcomes for end users. Whether you’re an MSSP looking to enhance your managed services or a security product company aiming to expand features, FullHunt’s data can become a force-multiplier for your offerings.
We invite you to explore what FullHunt OEM Intelligence can do for your organization. Dive into our developer documentation (api-docs.fullhunt.io) to see the technical details and example responses. If you’re interested in becoming an OEM partner, contact our team ([email protected] or via our website) to discuss access and partnership options – we’ll work with you to get the API enabled on your account and ensure a smooth onboarding.
With FullHunt, you can deliver attack surface mapping, organization intelligence, and dark web monitoring as an integrated part of your service – all backed by FullHunt’s proven technology and extensive data. We’re excited to see how you will innovate with these capabilities at your fingertips.
Download an in-depth documentation report about the OEM Intelligence API Product
OEM Intelligence API - in-depth Product Documentation
Unlock the power of FullHunt OEM Intelligence API today, and give your platform the definitive edge in security intelligence.
Best Regards,
Mazin Ahmed