Back

The Vertex Project

OSINT
Read Docs
Read Datasheet
OVERVIEW
SpyCloud’s integration with Vertex Synapse equips threat investigators and OSINT analysts with enriched visibility into exposed identities, infrastructure, and credentials tied to cybercrime activity. By embedding SpyCloud’s breach and malware intelligence into Synapse’s knowledge graph, analysts can pivot on selectors like email, username, IP, domain, or phone number to uncover hidden identity relationships and map digital footprints across the criminal underground. Whether identifying reused credentials or tracking malware-compromised users, this integration strengthens attribution, expands context, and accelerates investigative workflows.
BENEFITS
  • Uncover Hidden Links
    Pivot across breached accounts, reused credentials, and malware-infected assets to reveal identity overlaps and behavioral patterns.
  • Support Attribution
    Correlate exposed user identities with infrastructure and compromised assets to build profiles of threat actors or mule networks.
  • Map Digital Footprints
    Visualize how an individual or organization appears across breaches, infections, or spoofed services using graph-based exploration.
  • Accelerate Discovery
    Automate queries using Storm commands (spycloud.investigations, spycloud.consumer.ato) to enrich data with minimal manual effort.
  • Prioritize Threats
    Filter exposure results by severity, source, or time frame to focus on the most relevant and actionable intelligence.
HOW IT WORKS

SpyCloud Okta Workforce Guardian leverages the SpyCloud Enterprise Protection API and Okta Workflows to continuously validate your organization’s Okta Directory for credential exposures. When a compromised credential is identified, Okta Workforce Guardian executes automated, policy-driven responses that can include:

  • Flagging or notifying exposed users through Okta Workforce or email
  • Enforcing password resets to immediately invalidate compromised credentials
  • Revoking active Okta session cookies to terminate live sessions and stop attackers mid-access
  • Disabling or restricting user accounts based on exposure severity
  • Changing user groups to trigger access controls
  • Logging all remediation events for audit and compliance tracking