Infrastructure Intelligence

Cloud-native cyber intelligence datasets.

Datazag delivers enriched domains, DNS, certificates, infrastructure, risk, relationships and history as cloud data shares, marketplace-ready datasets, APIs and curated views.

Use the data in your own lakehouse, warehouse, SIEM, analytics platform or product without building the infrastructure graph yourself.

Cloud-native data product

Infrastructure intelligence, ready to join.

Curated datasets for teams that want enriched domain, DNS, certificate, provider, relationship and risk intelligence in their own environment.

Delivery formats

Iceberg
Delta
Parquet
Cloud shares
Marketplace
API
Snapshots
Deltas

Data product value

Useful intelligence, already joined and ready to query.

The value is not a raw list of domains or IPs. It is the enriched context, relationship mapping, risk reasoning and historical state that make the data usable inside real workflows.

Bring intelligence to your warehouse

Use Datazag datasets directly in cloud analytics, SIEM enrichment, threat hunting, fraud systems and data science workflows.

Skip the raw-data engineering

DNS, certificates, hosting, ASN, provider labels, risk scores, reason codes and relationships are already joined into usable views.

Query current and historical state

Use snapshots, deltas and point-in-time context to understand what changed, when it changed and how infrastructure evolved.

Evaluate as a product, not a feed

Start with sample schemas, small extracts or curated views before moving into full cloud data shares or marketplace delivery.

Dataset families

The field groups technical buyers ask for first.

Each dataset family can be delivered as a full table, curated view, sample extract, API-backed enrichment path or product-specific schema.

Domain Intelligence

Domain posture, risk, provider footprint, DNS state, email controls, history and relationship fields for enrichment and scoring.

DomainFirst seenDNS postureEmail postureProvider labelsRisk scoreReason codes

DNS and Mail Posture

Expanded DNS, MX, NS, TXT and email-authentication context for reporting, hygiene, compliance and portfolio analysis.

A / AAAAMXNSTXTSPFDKIMDMARCBIMIMTA-STS

Certificate Intelligence

Certificate Transparency events, SAN expansion, issuer context, platform hints and relationship pivots for early infrastructure discovery.

IssuerSANsFingerprintNot beforeNot afterNew issuanceRelated domains

Infrastructure Labels

IP, ASN, prefix, cloud, hosting, CDN, country and provider attribution for logs, flows, customer records and security events.

IPASNPrefixCountryCloudHostingCDNDNS providerRegistrar

Relationship Graph

Shared infrastructure, related domains, shared certificates, DNS relationships and evidence paths for campaign discovery and investigation.

Related domainsShared IPsShared certsShared DNSClustersEvidence paths

Risk and History

Risk scores, threat bands, reasons, confidence context, snapshots, deltas and change indicators for model validation and time-aware analysis.

Risk scoreThreat bandReasonsConfidenceSnapshotsDeltasTime travel

Already engineered

Less raw collection. More usable intelligence.

Datazag packages expansion, labelling, relationship analysis, history and evidence before the data reaches your warehouse or application.

Raw DNS records
Expanded DNS, mail posture, provider labels and remediation context
Raw IP address
ASN, prefix, country, cloud, hosting and infrastructure risk
Single domain
Related domains, shared certificates, provider footprint and relationship paths
Certificate event
SAN expansion, platform hints, issuer context and early infrastructure pivots
Point-in-time label
Snapshots, deltas, first-seen, last-seen and change indicators
Opaque score
Risk score, threat band, confidence and reason codes

Curated products

Start with the table that matches the workflow.

Curated products reduce engineering effort by packaging the right fields for common security, fraud, platform, portfolio and analytics use cases.

Domain Risk Dataset

A joinable domain-level table for SOC enrichment, fraud scoring, ESP controls, customer hygiene and portfolio monitoring.

Iceberg · Delta · Parquet · API

DNS Posture Dataset

Expanded DNS and email-authentication findings for remediation reporting, domain hygiene and systemic portfolio-risk analysis.

Iceberg · Delta · Reports

Infrastructure Reputation Dataset

IP, ASN, prefix, provider and relationship context for investigating suspicious hosting, related assets and infrastructure reuse.

Iceberg · Delta · Cloud share

Certificate and New Domain Dataset

Certificate and newly observed domain intelligence for early alerting, platform impersonation discovery and watchlist monitoring.

Alerts · Iceberg · Delta

Portfolio Intelligence View

Curated views for domains, subsidiaries, suppliers, client estates and acquisition targets, with posture and trend context included.

Reports · Cloud share · Custom view

Ready to JOIN

Turn one log value into context, evidence and action.

The data is designed for SQL joins, enrichment pipelines, SIEM workflows, notebook analysis and data science features.

SELECT
  logs.domain,
  dz.risk_score,
  dz.threat_band,
  dz.hosting_provider,
  dz.primary_asn,
  dz.related_domain_count,
  dz.reason_codes
FROM security_logs logs
LEFT JOIN datazag.domain_risk dz
  ON logs.domain = dz.domain
WHERE dz.risk_score >= 80;

Example output

risk_score

94

threat_band

critical

hosting_provider

Bulletproof Hosting Ltd

primary_asn

AS64500

related_domain_count

15

reason_codes

new_domain, shared_infra, risky_asn

Delivery

Use the route that matches your buying and engineering model.

Teams can evaluate with samples and curated views, then move into cloud data shares, marketplace delivery, API enrichment or operational reports and alerts.

Primary data product

Cloud data shares

Native cloud-native datasets for analytical teams that want to join Datazag intelligence with their own logs, assets, alerts and customer records.

Request data share access
Iceberg
Delta
Parquet
Incremental updates
Snapshots
Time travel
Bring your own compute
SQL-ready joins

For cloud buyers

Marketplace delivery

Marketplace-ready packaging for teams buying through Snowflake, Databricks, Azure, AWS or Google Cloud procurement routes.

Discuss marketplace access

For products and workflows

API enrichment

Real-time lookup and enrichment for portals, fraud systems, SIEM workflows, policy engines and partner platforms.

View API pricing

For evaluation and operations

Reports and alerts

Start with reports, then move priority domains, brands, platforms or infrastructure into operational alerting.

View reports

Supported formats and destinations

IcebergDeltaParquetSnowflakeDatabricksAzureAWSGoogle CloudJSON API

Use cases

One intelligence layer, several data workflows.

The same cloud-native datasets can support security operations, ESP abuse controls, portfolio reporting, diligence and analytical modelling.

Threat hunting and SOC enrichment

Join domains, IPs and alerts with provider labels, relationships, reasons and historical context.

ESP and platform abuse controls

Score customer domains, links, landing pages and infrastructure using explainable domain and provider intelligence.

Portfolio and supplier risk

Analyse posture and exposure across many domains, subsidiaries, suppliers, clients or acquisition targets.

Cyber insurance and diligence

Use historical and portfolio-wide evidence for underwriting, renewal, exposure analysis and M&A security review.

Data science and AI workflows

Use stable features, historical slices and reason fields for modelling, agents, analytics and decision support.

Sources and governance

Transparent enough to evaluate. Controlled enough to license.

The Trust page covers the full governance model. This data-product page summarises the points technical and marketplace buyers usually need first.

Observation layers

Active DNS, Certificate Transparency, routing, ASN, provider, mail posture, platform and historical observations.

Derived intelligence

Published datasets expose derived Datazag fields, public infrastructure facts and product-approved context.

Restricted inputs

Internal-only validation signals and raw third-party feed membership are not published as standalone resale fields by default.

Schema discipline

Field scope, refresh cadence, snapshot policy, historical coverage and permitted use are controlled per product.

Evaluate

Try the data before you commit.

A technical buyer should be able to inspect the schema, run a few joins and decide whether the data improves the workflow.

Sample schema

Inspect the columns, keys, refresh model and example joins before committing to a full data share.

Start here

Small extract

Test a bounded sample in your warehouse, lakehouse or enrichment workflow.

Start here

Curated view

Start with a purpose-built table for one use case, such as domain risk, DNS posture or infrastructure labels.

Start here

Pilot data share

Run a short evaluation with current and historical slices, then decide scope and commercial packaging.

Start here