Bring intelligence to your warehouse
Use Datazag datasets directly in cloud analytics, SIEM enrichment, threat hunting, fraud systems and data science workflows.
Infrastructure Intelligence
Datazag delivers enriched domains, DNS, certificates, infrastructure, risk, relationships and history as cloud data shares, marketplace-ready datasets, APIs and curated views.
Use the data in your own lakehouse, warehouse, SIEM, analytics platform or product without building the infrastructure graph yourself.
Cloud-native data product
Curated datasets for teams that want enriched domain, DNS, certificate, provider, relationship and risk intelligence in their own environment.
Delivery formats
Data product value
The value is not a raw list of domains or IPs. It is the enriched context, relationship mapping, risk reasoning and historical state that make the data usable inside real workflows.
Use Datazag datasets directly in cloud analytics, SIEM enrichment, threat hunting, fraud systems and data science workflows.
DNS, certificates, hosting, ASN, provider labels, risk scores, reason codes and relationships are already joined into usable views.
Use snapshots, deltas and point-in-time context to understand what changed, when it changed and how infrastructure evolved.
Start with sample schemas, small extracts or curated views before moving into full cloud data shares or marketplace delivery.
Dataset families
Each dataset family can be delivered as a full table, curated view, sample extract, API-backed enrichment path or product-specific schema.
Domain posture, risk, provider footprint, DNS state, email controls, history and relationship fields for enrichment and scoring.
Expanded DNS, MX, NS, TXT and email-authentication context for reporting, hygiene, compliance and portfolio analysis.
Certificate Transparency events, SAN expansion, issuer context, platform hints and relationship pivots for early infrastructure discovery.
IP, ASN, prefix, cloud, hosting, CDN, country and provider attribution for logs, flows, customer records and security events.
Shared infrastructure, related domains, shared certificates, DNS relationships and evidence paths for campaign discovery and investigation.
Risk scores, threat bands, reasons, confidence context, snapshots, deltas and change indicators for model validation and time-aware analysis.
Already engineered
Datazag packages expansion, labelling, relationship analysis, history and evidence before the data reaches your warehouse or application.
Curated products
Curated products reduce engineering effort by packaging the right fields for common security, fraud, platform, portfolio and analytics use cases.
A joinable domain-level table for SOC enrichment, fraud scoring, ESP controls, customer hygiene and portfolio monitoring.
Iceberg · Delta · Parquet · API
Expanded DNS and email-authentication findings for remediation reporting, domain hygiene and systemic portfolio-risk analysis.
Iceberg · Delta · Reports
IP, ASN, prefix, provider and relationship context for investigating suspicious hosting, related assets and infrastructure reuse.
Iceberg · Delta · Cloud share
Certificate and newly observed domain intelligence for early alerting, platform impersonation discovery and watchlist monitoring.
Alerts · Iceberg · Delta
Curated views for domains, subsidiaries, suppliers, client estates and acquisition targets, with posture and trend context included.
Reports · Cloud share · Custom view
Ready to JOIN
The data is designed for SQL joins, enrichment pipelines, SIEM workflows, notebook analysis and data science features.
SELECT
logs.domain,
dz.risk_score,
dz.threat_band,
dz.hosting_provider,
dz.primary_asn,
dz.related_domain_count,
dz.reason_codes
FROM security_logs logs
LEFT JOIN datazag.domain_risk dz
ON logs.domain = dz.domain
WHERE dz.risk_score >= 80;Example output
risk_score94
threat_bandcritical
hosting_providerBulletproof Hosting Ltd
primary_asnAS64500
related_domain_count15
reason_codesnew_domain, shared_infra, risky_asn
Delivery
Teams can evaluate with samples and curated views, then move into cloud data shares, marketplace delivery, API enrichment or operational reports and alerts.
Primary data product
Native cloud-native datasets for analytical teams that want to join Datazag intelligence with their own logs, assets, alerts and customer records.
Request data share accessFor cloud buyers
Marketplace-ready packaging for teams buying through Snowflake, Databricks, Azure, AWS or Google Cloud procurement routes.
Discuss marketplace access →For products and workflows
Real-time lookup and enrichment for portals, fraud systems, SIEM workflows, policy engines and partner platforms.
View API pricing →For evaluation and operations
Start with reports, then move priority domains, brands, platforms or infrastructure into operational alerting.
View reports →Supported formats and destinations
Use cases
The same cloud-native datasets can support security operations, ESP abuse controls, portfolio reporting, diligence and analytical modelling.
Join domains, IPs and alerts with provider labels, relationships, reasons and historical context.
Score customer domains, links, landing pages and infrastructure using explainable domain and provider intelligence.
Analyse posture and exposure across many domains, subsidiaries, suppliers, clients or acquisition targets.
Use historical and portfolio-wide evidence for underwriting, renewal, exposure analysis and M&A security review.
Use stable features, historical slices and reason fields for modelling, agents, analytics and decision support.
Sources and governance
The Trust page covers the full governance model. This data-product page summarises the points technical and marketplace buyers usually need first.
Active DNS, Certificate Transparency, routing, ASN, provider, mail posture, platform and historical observations.
Published datasets expose derived Datazag fields, public infrastructure facts and product-approved context.
Internal-only validation signals and raw third-party feed membership are not published as standalone resale fields by default.
Field scope, refresh cadence, snapshot policy, historical coverage and permitted use are controlled per product.
Evaluate
A technical buyer should be able to inspect the schema, run a few joins and decide whether the data improves the workflow.
Inspect the columns, keys, refresh model and example joins before committing to a full data share.
Start hereTest a bounded sample in your warehouse, lakehouse or enrichment workflow.
Start hereStart with a purpose-built table for one use case, such as domain risk, DNS posture or infrastructure labels.
Start hereRun a short evaluation with current and historical slices, then decide scope and commercial packaging.
Start here