Relativity’s Threat Intelligence Feed

Additional Info

Company size (employees)1,000 to 4,999
Headquarters RegionNorth America
Type of solutionCloud/SaaS


Relativity’s threat intelligence feed is for any legal or legal-adjacent professional wanting to collect Indicators of Compromise (IOCs) in order to build or improve their security program. This feed is aggregated from several sources, including SaaS e-discovery environments, our network of legal specific honeypots and other open-source intelligence feeds. This project incorporates:

1. Open-source threat intelligence (OSI) feeds. Reason: enrich telemetry data that is being harvested from our honeynet and to correlate legitimate indicators against our data feed

2. Honeynet. Reason: open source honeypots used harvest attack and endpoint telemetry from diverse geographical locations and system types

3. e-Discovery SaaS environment. Reason: legitimate legal service product to exam, understand, and collect attack data to correlate with Honeynet data, and OSI

4. nginx Webserver. Reason: hosts data feed that Legal Service companies can pull the data feed from directly

Our intelligence feed is aimed at providing indicators of compromise (IOCs) for live threats. An IOC is an artifact such as an IP address, domain, URL, file hash, etc., or anomalous behavior, location, or unusual network activity that indicates an observed attacker or potentially malicious action.

These indicators have been collected from several sources, including the RelativityOne environment, our network of legal-specific honeypots, and open-source threat intelligence feeds (OSINT). By aggregating this information, we aim to strategically identify threats that are likely to target our customers and others in the legal services industry and to deliver this data in an easily digestible format. Our IOCs also contain contextual information that provides details around the potential threats.

Additionally, all reported IOCs have an associated confidence score. The confidence score is calculated based on the context in which we observed it, additional sightings, and scoring provided from other intelligence sources.

How we are different

1. It’s closing the threat intelligence gap in the growing legal tech industry and protecting the public in the process. The best security is preventative and is designed to stop attacks before they happen. The Threat Intelligence Feed gives both Relativity customers and the public alike empowerment in this ongoing battle to protect their fortresses. The solution currently tracks nearly 30,000 indicators of compromise and is updated hourly, which is all pulled from data sources in RelativityOne authentication and firewall logs, legal specific honeypots, and the International Information Systems Security Certification Consortium.

2. It makes security knowledge more accessible and increases overall security awareness. The Threat Intelligence Feed is a free and easy-to-use tool that provides organizations with greater awareness of the security threats around them and helps bolster their security posture from external threat actors. Additionally, it’s easily accessible and can plug into any tools supporting feed API ingestion, including SIEM, firewall, TIP, SOAR and more, in order to identify suspicious activity.

3. It’s the first of its kind. Relativity’s Threat Intelligence Feed is the only security feed dedicated to the legal tech industry. It's a challenge to find applicable intelligence sources that specialize in reporting threats that target specific business verticals such as legal and legal-adjacent entities. Leveraging threat intelligence, particularly around known threats targeting legal entities, can help organizations improve their ability to prevent, detect and respond to potential threats within their network.