Three ways to deploy
Speculus
API, managed integration, or on-prem database. Speculus is built for you.
The Speculus API
Direct, programmatic access to the NIO enrichment engine. A single REST call turns any IP address into a full intelligence object: threat score, geolocation, ASN, proxy flags, and a plain-English verdict. Built for developers who want to embed network intelligence directly into their stack.
- IP enrichment in under 50ms
- Threat scoring from 0–100 with plain-English verdict
- Geolocation, ASN, carrier & proxy detection
- REST Endpoints
- 99.9% uptime SLA with enterprise rate limits
The Integration Package
Everything in the API, plus a fully managed deployment into your existing security stack. We connect NIO enrichment directly into Splunk, Elastic, Microsoft Sentinel, Palo Alto, or any SIEM/SOAR your team already operates. Includes custom dashboards, alert workflows, and ongoing support.
- All API capabilities included
- Native connectors for Splunk, Elastic, Sentinel & more
- Custom threat dashboards and alert rule configuration
- Dedicated onboarding and integration engineering
- Quarterly threat intelligence briefings
MMDB Database
The full Speculus threat intelligence dataset in MaxMind Database format, delivered directly to your infrastructure for offline, zero-latency lookups. No API calls, no round-trips, no external dependencies. Ideal for high-throughput environments where every millisecond counts.
- Offline lookups with sub-millisecond query time
- Compatible with any MaxMind-compatible reader
- Weekly threat feed updates delivered to your endpoint
- Full NIO scoring, geolocation, ASN & proxy data on-prem
- Air-gapped and sovereign cloud deployments supported