Bring XposedOrNot's breach intelligence into the tools you already use: SIEMs, threat-intelligence platforms, OSINT tooling and your own code. Every integration is built on the XposedOrNot API; an optional commercial key (opens in new tab) raises rate limits for high-volume use.
Official connector: automate domain exposure alerts and drive incident response with workbooks and analytics rules.
View on GitHub (opens in new tab)Official Splunk app: real-time updates on breached and exposed emails for your verified domains, aggregated and visualized inside Splunk.
View on Splunkbase (opens in new tab)Official integration for Wazuh 4.x: check emails from authentication and user-creation alerts against the breach database, with caching and alert-storm protection built in.
View on GitHub (opens in new tab)Official transforms that turn an email address into a visual breach-exposure graph: logos, timelines, records at scale and password-risk color-coding.
View on GitHub (opens in new tab)The free community API for breach data. Check emails, breach analytics and the full breach catalog.
Read the docsEight client libraries: Python, JavaScript/TypeScript, Go, Ruby, PHP, Rust, .NET and Java, all wrapping the same API.
Read the blog post (opens in new tab)Connect Claude and other AI assistants to breach intelligence over the Model Context Protocol at api.xposedornot.com/mcp.
Read the blog post (opens in new tab)Three integrations are in active development, each with a pull request under community review upstream.
Expansion and hover module: enrich email attributes with breach names, years, records, exposed data classes and password-storage risk.
Learn moreCortex analyzer for email observables: breach taxonomies, detailed reports and extracted breached-domain artifacts inside your cases.
Learn moreInternal-enrichment connector for Email-Addr observables: risk score, labels, breach-table notes and optional per-breach incidents.
Learn more