How It Works

Blueliv uses a tiered scalable architecture composed of an ingest layer, analysis, and visualization.

Blueliv Architecture


Ingest Multi-sourced Layer

The ingest layer is fed by open, private, and closed sources. Adding a new source is as easy as adding a new Java or Python plugin in the Blueliv administrative panel. As information comes into the Blueliv platform, we cloak the information and provide it to you. This prevents your organization from having to track underground forums, social networks, and the deep web from your public IP addresses and eliminates the risk of being detected by cyberactors.


The Blueliv platform performs powerful information normalization, enrichment, and data correlation and combines it with big-data storage for ongoing analysis. We are able to connect data across multiple Blueliv modules to identify common attack vectors and actors with superior correlation capabilities. Depending on the modules that you deploy, we monitor botnets, credit cards, malware, the deep internet, search engines, social networks, hacktivism, phishing, mobile networks and apps, brand abuse, social monitoring, and data leaks.


Powerful visualization tools are used to represent this data intuitively so that your organization can focus on actionable information.

Integration APIs

Effectively complement your internal firewall, IPS, and monitoring capabilities. Blueliv offers APIs and a powerful SDK to integrate Blueliv cyberthreat intelligence with your internal security operations center (SOC) or computer emergency response team (CERT).
