Flowsint
Graph-based OSINT platform for visual data analysis and investigations
AI Summary
Flowsint is a modern graph-based investigation platform for OSINT and cyber threat intelligence. The tool enables visual exploration of entities and their relationships, offers flexible data enrichment workflows, and can be modularly extended with external tools. Particularly notable is the integration with n8n for automation across 500+ services.
✓ Pros
- Modular plugin architecture: OSINT tools can be flexibly added or exchanged
- Visual graph exploration with intuitive user interface for entity relationships
- Integration with n8n enables automation across 500+ external services
✗ Cons
- Still in development: Important features such as STIX 2.x support and built-in enrichers are only planned
- Requires technical know-how for webhook-based enrichers and workflow automation
Use Cases
- Cyber Threat Intelligence: Analyze attack patterns and visualize relationships between threat actors
- OSINT research: Collect, enrich, and link data from public sources
- Investigative research: Uncover and document complex relationship networks
- Automated threat monitoring workflows with alerts for suspicious patterns
Who is it for?
For cybersecurity analysts, OSINT researchers, investigative journalists, and corporate intelligence teams who need to visualize and analyze complex relationships.
What is Flowsint?
Flowsint is a graph-based investigation platform for OSINT and cyber threat intelligence. The core principle: entities and their relationships are visualised as an interactive graph, not as a table or list view. Analysts can explore and enrich connections between actors, domains, IPs or organisations directly in the graph. The platform is under active development. Features such as STIX 2.x support and integrated enrichers have been announced but are not yet available.
Core features
- Graph visualisation of entity relationships: Connections between data points can be traversed and documented in the graph, which helps maintain an overview in complex, widely branching networks.
- Modular plugin architecture: OSINT tools and data sources can be added as plugins without touching the core platform.
- Webhook-based data enrichers: External services deliver additional information about entities via webhook. This requires an understanding of HTTP workflows.
- n8n integration for automation: Via n8n, more than 500 external services can be connected, for example for automated threat monitoring with alerting on defined patterns.
- Flexible workflow design: Enrichment processes can be configured individually, rather than relying on a fixed catalogue of built-in sources.
Who is Flowsint for?
The primary audience is cybersecurity analysts and threat intelligence teams who need to map attack patterns and actor networks visually. OSINT researchers and investigative journalists uncovering relationship networks from public sources can also use the tool productively.
Anyone wanting to use Flowsint without a technical background will hit two concrete obstacles: configuring webhook-based enrichers requires knowledge of API integration, and automation via n8n assumes the ability to model workflows independently.
Context & alternatives
Flowsint operates in the same segment as Maltego, the established standard for graph-based OSINT analysis. Maltego comes with an extensive catalogue of built-in transforms but is proprietary and expensive. Flowsint takes the opposite approach, favouring open modularity. Anyone wanting to integrate their own data sources and design workflows freely has more room to manoeuvre than with a pre-curated platform.
The key caveat remains the state of development. Teams that need STIX 2.x compatibility or a finished enricher catalogue today will have to wait or switch to more mature alternatives. Those who want to help shape a modular platform early on and have the technical foundation will find an approach here that the established tools do not offer.