One graph. Everything connected.
Search any domain, IP, or network. See every connection — who owns it, what it hosts, how it routes, and how it changed in real time. Query instantly from your console, your SIEM, or your AI agent.
More than infrastructure data — a real-time intelligence layer
Whisper Graph unifies eight distinct data layers — DNS resolution, BGP routing, IP allocation, GeoIP, WHOIS ownership, DNSSEC, web hyperlinks, and threat intelligence — into one queryable graph. Every domain, IP, ASN, and registrant is a node. Every relationship between them is an edge. 7.38B nodes. 38.98B edges. 6.5M threat indicators streaming in from 40 live feeds. All updated in real time.
That layered model is what makes Whisper different. Other tools give you flat lookups: one indicator, one record. Whisper lets you traverse — pivot from a domain to its ASN to every other domain that shares that infrastructure, then back through ownership history and threat scoring, in a single Cypher query. With built-in procedures for explainable threat scoring, time-machine queries against historical state, and millisecond-scale latency at billion-edge depth, infrastructure intelligence becomes something you can build on.
What you can do with Whisper
Traverse the full graph
Multi-hop Cypher queries across DNS, BGP, WHOIS, threat, and web-link layers — in one statement, in milliseconds.
Time-machine queries
See what infrastructure looked like last week, last month, last year. whisper.history() returns historical state for any node or edge.
Correlate at scale
Pivot from one indicator to every shared piece of infrastructure — co-hosted domains, peer ASNs, common registrants — without manual joins.
Explainable threat scoring
40 live threat feeds plus structural risk signals (bulletproof neighborhoods, shared registrants, peering anomalies). Every score returns its evidence chain.
Cypher API + AI Context
Full Cypher over REST for pipelines. MCP for any AI agent. Native connectors for Splunk, Sentinel, OpenCTI, XSOAR.
Live counts, live data
Continuous ingestion from RIRs, BGP feeds, DNS scans, WHOIS, Common Crawl, and threat feeds. No daily snapshots — the graph is always current.
What teams actually use Whisper for
Whisper is built around real questions security and operations teams ask every day — but couldn't answer at speed before.
Map a campaign's blast radius
One indicator → the entire infrastructure cluster
Start with a suspicious IP or domain. Whisper traces every co-hosted host, peer ASN, shared registrant, and DNS sibling — the full attack surface — in one Cypher query. What used to take an analyst hours becomes a 200ms answer.
Key Benefits
Cut false positives in alert triage
Infrastructure context before the analyst opens the ticket
Every alert in Splunk or Sentinel gets enriched with ownership, hosting, ASN reputation, threat scoring, and historical context — automatically. Analysts decide in seconds, not minutes.
Key Benefits
Investigate historical change
Time-travel queries against any node or edge
Did this domain change registrar last quarter? When did this IP migrate to a new ASN? whisper.history() returns the full timeline. Perfect for incident reconstruction, attribution work, and compliance audits.
Key Benefits
Power AI investigations
Live infrastructure as context for any agent
Connect Claude, GPT, Cursor, or any MCP-compatible agent. Your AI gets real-time infrastructure intelligence as a tool — investigations, blast-radius reports, and enrichment narratives generated in plain language with structured evidence.
Key Benefits
One graph. Three ways into it.
Native connectors for your security stack. Full Cypher API for your pipelines. MCP for AI agents. Pick whichever fits — or use all three.
Direct API
Full Cypher query access over REST. Parameterized queries, millisecond-scale latency.
MATCH (h:HOSTNAME) -[:RESOLVES_TO]->(ip:IPV4)RETURN h, ip
Integrations
Native platform integrations. Install from the marketplace, authenticate, done.
AI Context
Give any AI agent live infrastructure context via MCP. One config, full graph access.
Built for the teams who chase the truth across the internet
Security analysts & SOC
Triage faster with infrastructure context inline in your SIEM. Stop pivoting between five tools to understand a single alert.
Threat intelligence & hunters
Map adversary infrastructure end-to-end. Cluster campaigns by shared hosting, registrants, and routing — not by IOC strings.
Network ops & risk
Audit your own attack surface, third-party dependencies, and historical configuration changes against the live internet graph.
AI builders & engineers
Give your agents real-time graph context via MCP, or build pipelines on a Cypher API that keeps up with billion-edge queries.
Why a graph beats a flat database
How Whisper compares to the legacy approaches
What Sets Whisper Apart
Real-time, not snapshots
Continuous ingestion from RIRs, BGP, DNS scans, WHOIS, Common Crawl, and 40+ threat feeds. The graph is current to within minutes.
Full graph, not flat lookups
Every relationship is a queryable edge. Pivot 5 hops deep across layers in a single Cypher statement.
BGP-aware, not just DNS
Native ASN, prefix, and peering data. Most enrichment tools stop at DNS — Whisper sees the whole routing layer.
Built for billion-edge queries
38B+ edges, custom storage engine, anchored queries return in milliseconds. Designed for graph-shaped workloads from day one.
Time-machine built in
whisper.history() returns historical state for any node or edge. No separate archive product.
API-first, MCP-native
Full Cypher over REST. Native MCP server for AI agents. The graph is open to whatever you build.
See what your current tools can’t see
Get a live demo with your own infrastructure data. Technical POC in days, not months.