No more typing reviews! Try our Samantha, our new voice AI agent.
SOC analyst l1 at a tech services company with 11-50 employees
Real User
Top 20
Jul 6, 2026
Proactive threat monitoring has strengthened client protection and reduces external attack risks
Pros and Cons
  • "There is all positive experience with SOCRadar Extended Threat Intelligence."
  • "Everything is good about SOCRadar Extended Threat Intelligence, but it produces too much noise that needs to be reduced."

What is our primary use case?

My main use case for SOCRadar Extended Threat Intelligence is tracking threat campaigns on our clients.

There was a recent Team 313 campaign going on, and on a public Telegram channel, they stated they were targeting a Dubai-based government. That Dubai-based government is integrated with us, so as a provisional measure, we made a case on high severity and told them to use rate limiting or other DDoS prevention techniques. This is how we use SOCRadar Extended Threat Intelligence.

We also use SOCRadar Extended Threat Intelligence to track the PII exposure of clients. For example, if there is a third-party application, such as a Udemy breach, we check if our client data is leaked or not. If we are logged in because of the credentials of that user, we will raise a high severity alert.

What is most valuable?

The best feature that SOCRadar Extended Threat Intelligence offers is its scans. It does passive scanning, and you will know if there is anything suspicious related to the client. In case there is an impersonation domain or any GitHub repository, you will know instantly. That's the best thing about SOCRadar Extended Threat Intelligence.

The passive scan definitely improves accuracy. If you do the manual work, it may take some time, around three to four business days. However, with SOCRadar Extended Threat Intelligence, you will get notified if there is a new domain formed or if the domain formed is related to the client. That's the best thing.

There is all positive experience with SOCRadar Extended Threat Intelligence. For example, if an exposed subdomain or leaked credential is detected through passive methods, the organization can take proactive actions, such as restricting access, resetting passwords, or enabling MFA. This reduces the risk of unauthorized access, data breaches, or account compromise.

Passive scanning improves our organization's security posture in measurable ways. It helps to reduce the external attack surface by identifying and removing exposed assets, such as new subdomains or open services. Our organization can track metrics corresponding to the number of exposed assets discovered versus remediated over time. This lowers the risk of account compromise by detecting leaked credentials.

What needs improvement?

Everything is good about SOCRadar Extended Threat Intelligence, but it produces too much noise that needs to be reduced. SOCRadar Extended Threat Intelligence works by keywords, so if there is a particular keyword that you have added, it will trigger an alert. Most of the time, those cases are false positives, so it does take time with the investigation you have done. This is a key improvement area. I would also suggest improving the customization options, such as a tailor-made dashboard, industry-specific intelligence, and more flexible alert rules. With SOCRadar Extended Threat Intelligence, there are no options to create rules; there is a fixed number of rules that will be triggered.

Regarding SOCRadar Extended Threat Intelligence's AI capabilities, the accuracy and reliability of output are not that accurate.

For how long have I used the solution?

I have been using SOCRadar Extended Threat Intelligence for around 1.3 years.

Buyer's Guide
SOCRadar Extended Threat Intelligence
June 2026
Learn what your peers think about SOCRadar Extended Threat Intelligence. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.

What do I think about the stability of the solution?

SOCRadar Extended Threat Intelligence is stable.

What do I think about the scalability of the solution?

SOCRadar Extended Threat Intelligence is pretty scalable.

How are customer service and support?

The customer support for SOCRadar Extended Threat Intelligence is pretty good. You will get a response within one business day. For example, if there is a takedown request, you will definitely get a faster response.

Which solution did I use previously and why did I switch?

We have only relied on SOCRadar Extended Threat Intelligence from the start and have not used any previous solutions.

Which other solutions did I evaluate?

We have evaluated other options with DarkOwl services, but SOCRadar Extended Threat Intelligence's services are pretty good. We spoke with different organizations regarding DarkOwl.

What other advice do I have?

I would advise others looking into using SOCRadar Extended Threat Intelligence to definitely go ahead, especially if you are a fresher, because the dashboard is pretty user-friendly. If you are new to dark web monitoring, SOCRadar Extended Threat Intelligence team is going to provide you with the guidance.

Time has definitely been saved. I rate this product an 8 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Jul 6, 2026
Flag as inappropriate
PeerSpot user
reviewer2867601 - PeerSpot reviewer
SOC Analyst L2 at a computer retailer with 11-50 employees
Real User
Top 20
Jul 6, 2026
Credential leaks have been detected faster and data sources now need clearer identification
Pros and Cons
  • "I am using the freemium tier of SOCRadar Extended Threat Intelligence, and it is a very good one."
  • "I think the feature about the data source, such as the Telegram channel or breach forums, should be more clear, containing the Telegram channel name or the breach forum name instead of just the link."

What is our primary use case?

My main use case for SOCRadar Extended Threat Intelligence is credential leakage. For example, I deal with leaked credential users, and those credential users are using the credentials to access the environment or something similar, such as a valid account.

What is most valuable?

SOCRadar Extended Threat Intelligence offers excellent features, including the differentiation between breaches and infostealers, and the classification of the data and the source from where it is collected.

When I mention classification of data and differentiating breaches from infostealers, this helps me decide if a situation is affecting the environment scale or a personal account. SOCRadar Extended Threat Intelligence has helped us monitor our environment for leakage or breaches.

I have noticed a faster response time. For example, a credential user was stolen by an infostealer, and we detected this through SOCRadar Extended Threat Intelligence before any incident occurred.

What needs improvement?

I think the feature about the data source, such as the Telegram channel or breach forums, should be more clear, containing the Telegram channel name or the breach forum name instead of just the link.

For how long have I used the solution?

I have been using SOCRadar Extended Threat Intelligence for almost six months.

What do I think about the stability of the solution?

SOCRadar Extended Threat Intelligence is good and stable.

What do I think about the scalability of the solution?

SOCRadar Extended Threat Intelligence has good scalability.

How are customer service and support?

My company does not have a business relationship with this vendor other than being a customer.

Which solution did I use previously and why did I switch?

I previously used a few different solutions, including Group-IB.

How was the initial setup?

I think the pricing, setup cost, and licensing of SOCRadar Extended Threat Intelligence are good.

What about the implementation team?

I am using the freemium tier of SOCRadar Extended Threat Intelligence, and it is a very good one. I am not investing more and getting very good value. Since I am using the freemium tier, this reflects in money-saving ways.

What was our ROI?

I think the return on investment is good and looking positive regarding the features of SOCRadar Extended Threat Intelligence.

What's my experience with pricing, setup cost, and licensing?

I think the pricing, setup cost, and licensing of SOCRadar Extended Threat Intelligence are good.

Which other solutions did I evaluate?

I evaluated other options before choosing SOCRadar Extended Threat Intelligence, such as Group-IB.

What other advice do I have?

My advice to others looking into using SOCRadar Extended Threat Intelligence is that it is a good solution. SOCRadar Extended Threat Intelligence sits very well with other competitors, and very few companies are better than SOCRadar. SOCRadar Extended Threat Intelligence's AI capabilities are good and accurate. I found this interview good and do not think anything needs to change for the future. I would appreciate a short poem to summarize my review. I gave this product a rating of seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jul 6, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free SOCRadar Extended Threat Intelligence Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free SOCRadar Extended Threat Intelligence Report and get advice and tips from experienced pros sharing their opinions.