Free IOC Reputation Checker

Paste any IP, domain, URL, or hash. SARA runs the same multi-source enrichment we use for tenant investigations and returns an analyst summary. No account, no sign-in.

What is IOC reputation?

An Indicator of Compromise (IOC) — an IP, domain, URL, or file hash — is a forensic artifact suggesting an intrusion. "Reputation" is the consensus across threat-intel feeds: is this IOC associated with known malicious activity, and how confident is each source? A single source rarely tells the full story; SARA aggregates eight independent feeds and weights the verdict accordingly.

How to use this tool

  1. Paste any IOC into the search box — IPv4 / domain / URL / SHA-256 / SHA-1 / MD5. Defanged forms (hxxp://, [.]) are auto-refanged.
  2. SARA detects the IOC type and runs it through up to eight threat-intel sources in parallel.
  3. Read the verdict + the analyst summary. Pivot into SARA chat with the "Pivot in SARA" chip for a hunt plan.
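
The refanging and type detection described in steps 1 and 2, sketched as an added Python example (not SARA's own code). It also accepts the `(.)`, `[dot]` and `[:]` defang variants beyond the two forms listed above, and the type labels it returns are this example's own naming.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Labels are this example's own naming, not values defined by any API.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def refang(value: str) -> str:
    """Undo common defanging: hxxp(s)://, [.], (.), [dot], [:]."""
    v = value.strip()
    v = re.sub(r"^hxxp(s?)", r"http\1", v, flags=re.IGNORECASE)
    v = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", v, flags=re.IGNORECASE)
    return v.replace("[:]", ":")


def classify(value: str) -> tuple[str, str]:
    """Return (ioc_type, refanged_value); ioc_type is 'unknown' if nothing fits."""
    v = refang(value)
    # Hashes first: hex-only strings of a known digest length.
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in HASH_LENGTHS:
        return HASH_LENGTHS[len(v)], v.lower()
    try:
        return "ipv4", str(ipaddress.IPv4Address(v))
    except ValueError:
        pass
    if "://" in v:
        try:
            parts = urlsplit(v)
        except ValueError:  # e.g. unbalanced brackets left in the host part
            return "unknown", v
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            return "url", v
        return "unknown", v
    host = v.rstrip(".")
    if DOMAIN_RE.match(host):
        return "domain", host.lower()
    return "unknown", v


if __name__ == "__main__":
    # Constructed sample indicators (documentation ranges and example domains).
    for s in ("hxxps://login.example[.]com/reset?id=1", "198.51.100[.]7",
              "Mail.Example[.]org", "D41D8CD98F00B204E9800998ECF8427E"):
        print(s, "->", classify(s))
```

Classifying on the refanged value before any lookup keeps a defanged paste from being sent to a feed as an unmatched literal string.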

When is IOC reputation the right signal?

Triaging a SOC alert

A SIEM alert references an IP / domain / hash you've never seen. 30 seconds here tells you whether it's a known-bad worth escalating or a noisy false positive.

Phishing email hunt

Quickly check the sender IP + every URL extracted from a suspicious email. Cross-reference with the Phishing Analyzer for the full mail-flow story.

Threat-hunt pivoting

Take an IOC you've confirmed bad in one investigation and check whether it touches anything else in your environment.

Bulk enrichment via API

Pipe alert IOCs through the API on every detection. The free page is the same engine, exposed for ad-hoc checks.

API

Want this in your SOAR or SIEM?

SARA Open ships an OpenAI-compatible API. Call POST /api/v1/enrich for multi-source enrichment of any IP / domain / URL / hash, with a verdict and analyst summary.

curl -X POST https://sara-open.sirp.io/api/v1/enrich \
  -H "Authorization: Bearer $SARA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "ip", "value": "8.8.8.8"}'