Intelligence and Context
GDELT
GDELT is the world’s largest archive of global events, updated every 15 minutes with news from thousands of media outlets in over 100 languages.
Three functions
gdelt_entity_search
Searches for recent news about an entity (person, company, country, domain):
    from src.tools.gdelt_tool import gdelt_entity_search
    result = await gdelt_entity_search("Lazarus Group")
    # → Recent articles about the APT group, with tone and sources
gdelt_topic_search
Searches for news about a topic or event:
    result = await gdelt_topic_search("ransomware attack healthcare 2025")
    # → Media coverage of the topic with geopolitical context
gdelt_tone_analysis
Analyzes the tone of media coverage of an entity:
    result = await gdelt_tone_analysis("Russia cybersecurity")
    # → Average tone, most negative sources, temporal trend
No API key
GDELT is completely free and requires no registration.
RSS Monitoring
Three curated news feeds:
rss_news_search
    from src.tools.rss_monitor import rss_news_search
    result = await rss_news_search("supply chain attack npm")
Searches general feeds: Reuters, AP, BBC, El Pais, etc.
rss_financial_news
    result = await rss_financial_news("bitcoin volatility exchange hack")
Financial feeds: Bloomberg, FT, Reuters Finance, Expansion.
rss_security_news
    result = await rss_security_news("zero-day exploit")
Security feeds: Krebs on Security, Bleeping Computer, The Hacker News, Dark Reading, INCIBE.
Financial data
get_crypto_prices
Cryptocurrency prices and volatility via CoinGecko:
    from src.tools.financial_data import get_crypto_prices
    result = await get_crypto_prices(["bitcoin", "monero", "ethereum"])
Useful for ransomware investigations (wallets, payments) or when market movements correlate with threat activity.
get_economic_indicator
Macroeconomic indicators via FRED (Federal Reserve):
    result = await get_economic_indicator("UNRATE")    # US unemployment rate
    result = await get_economic_indicator("CPIAUCSL")  # CPI
get_energy_prices
Oil, gas and electricity prices via EIA:
    result = await get_energy_prices("crude_oil")
ACLED — Conflict data
ACLED (Armed Conflict Location & Event Data) is the primary database of armed conflict events.
    from src.tools.acled_tool import acled_conflict_events
    result = await acled_conflict_events("UA", days=30)
    # → Conflict events in Ukraine in the last 30 days
Useful for correlating cyber activity with geopolitical events.
Country Risk Score
Calculates the Country Instability Index (CII) for a country:
    from src.tools.country_risk import get_country_risk_score
    result = await get_country_risk_score("RU")
Combines data from ACLED, GDELT and other sources to produce a 0-100 country instability score.
AIS — Maritime traffic
Tools for investigations with a maritime component:
ais_vessel_lookup
    from src.tools.ais_tool import ais_vessel_lookup
    result = await ais_vessel_lookup(mmsi="232006700")
    # → Current position, destination, ship type, flag
ais_chokepoint_activity
    result = await ais_chokepoint_activity("suez")
    # → Current traffic at the Suez Canal: ships, types, countries
Available strategic points: suez, hormuz, malacca, bab_el_mandeb, bosphorus.
Useful for sanctions investigations (ships avoiding ports), maritime drug trafficking, or for context on trade route conflicts.