Frequently Asked Questions

Liferaft continuously collects publicly available data and flags activity based on keywords, entities, locations, or risk categories you define. Features like Global Awareness provide real-time location-based alerts, while Curated Feeds surface local incidents as they unfold. Combined with AI-powered tools like Insights Digest and Live Insights, your team can quickly identify suspicious behavior, misinformation, or planned disruptions before they become incidents.

Liferaft’s intelligence tools are designed to cut through the noise. Alert Dedupe automatically removes duplicates, reducing alert volume by up to 60%. Insights Digest clusters related data into concise summaries, while LLM-powered tagging and sentiment analysis help classify risk levels automatically. The result: fewer false positives, more relevant alerts, and faster decision-making.

Liferaft’s monitoring runs continuously, so your team is notified as soon as relevant activity is detected. Alerts and summaries for Global Awareness, Queries, Followings, and deep/dark web monitoring are delivered in near real time through your preferred channels, including email, text, and Slack notifications. While delivery times can vary slightly based on the source, the platform is designed to surface critical intelligence quickly so your team can triage, investigate, and respond without delay.

Yes. Liferaft gives you complete control over how and when alerts are triggered. You can define the specific keywords, entities, risk categories, or locations you care about and receive notifications when those conditions are met. Alerts can also be tailored by severity or topic, ensuring your team focuses on high-priority threats without being overwhelmed by noise. This flexibility allows organizations to align monitoring and alerting to their unique risk profile and operational priorities.

Liferaft helps you identify fake accounts and impersonation attempts quickly. You can set up Queries to track names, job titles, and key identifiers tied to executives. The platform monitors mainstream and fringe social media, as well as deep and dark web sources, to catch impersonation attempts early. Alerts notify you in real time, while Dossiers centralize evidence and streamline escalation — helping legal, comms, or protective teams act fast.

Global threats require global visibility. Liferaft is designed to monitor across multiple languages, geographies, and platforms, from mainstream social media to regional networks and alternative communities. You can track risk around specific locations or assets, visualize incidents on interactive maps, and receive alerts within custom geographic radii,  helping security teams act locally while maintaining a global threat picture.

Yes. Liferaft continuously monitors online activity across mainstream social media, blogs, forums, and deep and dark web sources for early signs of public safety concerns. Using geospatial intelligence and custom alert parameters, teams can track threats like civil unrest, violent rhetoric, or coordinated activity near key locations. Real-time alerts and dashboards deliver actionable visibility, helping organizations and public safety teams respond proactively before incidents unfold.

Liferaft reduces friction in the escalation process. Live Insights flags priority risks in real time, Alert Dedupe cuts duplicate notifications by up to 60%, and Insights Digest organizes related incidents into actionable clusters. Once an incident is validated, you can escalate internally with Slack or email alerts, or document it directly into a Dossier for coordinated response across teams.

Liferaft’s wide-ranging data coverage, including alternative platforms, blogs, and fringe forums, helps you identify brand misuse, impersonation, or coordinated misinformation campaigns early. Sentiment Intelligence tracks shifts in public perception, while advanced filtering lets you focus on specific narratives or hashtags. When threats arise, you can investigate them deeper with Dossiers and share findings quickly with communications or legal teams.

With Global Awareness, teams can visualize and monitor potential unrest activity around specific sites, offices, or events. Real-time alerts notify you of new mentions within a defined radius, while Curated Feeds provide region-specific updates from official sources like emergency services and news outlets. Paired with Queries for keywords or organizations, this gives you early warning of potential disruptions and the context needed to plan an appropriate response.

While Liferaft doesn’t run response playbooks, it plays a critical role in crisis management by providing real-time intelligence to guide decision-making. During incidents, the platform surfaces emerging chatter, misinformation, and relevant activity across online spaces. Teams can use this insight to coordinate responses, inform stakeholders, and prioritize actions. 

Liferaft centralizes the entire investigation workflow from detection and enrichment to reporting and collaboration. You can gather intelligence from surface, deep, and dark web sources, enrich it with identity resolution tools, and manage the case within Dossiers. Integrated reporting, dashboards, and seamless data sharing streamline collaboration between security, legal, and communications teams for a more complete investigative process.

Liferaft retains collected OSINT data for as long as it’s relevant to your organization’s use case, and data retention policies can be tailored to align with your security, compliance, and legal requirements. Investigation materials stored in Dossiers remain accessible for historical reference and audit purposes, while automated collection can be configured to meet internal governance policies. For details on retention and your data rights, refer to our Privacy Policy.

Liferaft doesn’t store sensitive or private data on your behalf; it focuses on collecting and analyzing publicly available information from across the surface, deep, and dark web. However, features like Dossiers allow your team to organize, store, and manage investigation records directly in the platform, including evidence, notes, and uploaded files. This creates a secure, centralized workspace for ongoing cases while keeping control of your data firmly in your hands.

When building a case, historical context is key. Liferaft’s Following feature collects recent public posts from a given user’s profile. Investigators can then store relevant intelligence, documents, and images in Dossiers, creating an organized record of activity for ongoing or future reference.

While we don't automatically tag threats, we do automatically label topics, emotions, and determine the sentiment of detected insights. This allows an analyst the oversight to ensure the validity of surfaced data.

Liferaft combines automation and analyst-driven tools to validate threats and minimize false positives. Insights Digest helps confirm legitimacy by surfacing topics only after multiple sources or accounts discuss the same issue, increasing confidence in the alert. To reduce noise, analysts can use Alert Dedupe, custom keyword combinations, exclude terms, block authors, and limit results to verified or trusted accounts. This combination of automation and filtering ensures more accurate alerts and faster, more reliable threat validation.

Liferaft helps investigators uncover who’s behind suspicious activity and assess potential risk quickly and responsibly. People Search builds a detailed picture of an individual’s digital footprint, while Public Records adds deeper context, including past addresses, financial indicators, and criminal records (where legally permitted). Analysts can also collect and review a history of posts from associated accounts, making it easier to identify behavioral patterns, verify identities, and connect online activity to real people.

Advanced search is essential for turning massive volumes of open-source data into actionable intelligence. Liferaft’s search tools allow analysts to query across surface, deep, and dark web sources using complex operators, keywords, and entity filters. This precision enables faster investigations, more targeted monitoring, and deeper context on evolving threats without the noise of irrelevant data. It’s how security teams surface the “signal” that matters and make confident, data-driven decisions.

Liferaft monitors high-risk spaces, including deep-web forums and dark-web marketplaces where stolen data is often sold or shared. Search results surface potential leaks, while Queries and Global Awareness can help trace the source and scope of exposure. By consolidating findings in Dossiers, teams can investigate incidents, assess impact, and coordinate an appropriate response with stakeholders.

Read our case study: Biotech Company Uses Liferaft to Identify a Data Breach.

Yes. Liferaft uses AI to make alerts smarter, analysis faster, and insights more actionable, paired with human expertise for accuracy and context. Our responsible-AI program, Liferaft iQ, powers AI-Enhanced Search, Live Insights, Alert Dedupe, AI-Powered Reporting, and advanced geocoding & sentiment for earlier warnings with less manual effort.

Liferaft iQ is our responsible AI engine that makes threat intelligence faster, smarter, and more actionable. It powers key features across the platform, including AI-Enhanced Search, Live Insights, Alert Dedupe, AI-Powered Reporting, and advanced geocoding and sentiment analysis so your team can spot risks earlier with less manual effort. By clustering related activity, tagging threats automatically, and surfacing critical insights in real time, Liferaft iQ turns overwhelming data into clear, actionable intelligence that drives faster, more confident decisions.

Liferaft iQ helps investigators work smarter and faster by automating some of the most time-consuming parts of the process. It clusters related data, identifies hidden connections, and flags suspicious activity across sources so analysts can focus on deeper analysis instead of manual sorting. AI-powered geocoding and sentiment analysis add valuable context, while Live Insights proactively highlights high-risk behavior. Together, these capabilities surface patterns and relationships that might otherwise be missed, accelerating investigations and improving the accuracy of threat assessments.

AI-powered features like Alert Dedupe automatically eliminate duplicate alerts, reducing noise by up to 60%. Insights Digest goes a step further by clustering related content into a single, summarized view. Together, they keep teams focused on what matters most: verified, high-impact risks rather than wading through irrelevant chatter or redundant data.

With Live Insights, AI continuously scans for high-risk language and behaviors, pushing critical alerts to the top of the queue in real time. Geocoding helps pinpoint where potential threats are originating, while automated tagging prioritizes alerts by urgency. This smart triage workflow allows teams to escalate the right incidents quickly before they gain traction or become operational risks.
timent of detected insights. This allows an analyst the oversight to ensure the validity of surfaced data.

Liferaft uses AI-driven classification to make sense of large volumes of data fast. Sentiment Intelligence labels content as positive, negative, or neutral, while LLM-enhanced tagging categorizes threats by severity, type, or topic. This automation reduces manual sorting and gives analysts visibility into emerging risks for faster, more confident decision-making.

Liferaft iQ powers AI-driven reporting, turning complex data into clear, concise summaries that leadership can act on. Insights Digest and Executive Dashboards highlight trends, patterns, and changes over time, enabling security leaders to communicate risk to boards and stakeholders with confidence. That means less time spent writing reports and more time making strategic decisions backed by actionable intelligence.

Liferaft helps you quantify the value of your security operations. Dashboards visualize metrics like threat volume, response time, and alert reductions, while usage reports show platform adoption and analyst efficiency gains. By tying these metrics to outcomes like reduced incident costs or faster investigations, you can clearly show leadership how your team is driving business resilience and risk reduction.

Liferaft makes it easy to share intelligence with leadership. Executive Dashboards highlight high-level KPIs, risk trends, and threat volumes in a format that’s presentation-ready. Dashboards go deeper, providing event- or client-specific insights. And when you need quick, digestible updates, Insights Digest can be exported or emailed as a summary, perfect for briefings, board meetings, or cross-departmental updates.

With customizable dashboards and long-term trend analysis, Liferaft helps you move beyond reactive decisions. You can track shifts in threat patterns, map risk exposure over time, and identify emerging concerns early. These insights support budget planning, resource allocation, and executive decision-making, ensuring your security strategy stays aligned with evolving business priorities.

Liferaft provides built-in usage reporting and activity logs that give visibility into how the platform is being used, from the number of alerts processed to who accessed which data. These insights help managers measure team performance, monitor adoption, and ensure consistent workflows, while also providing documentation for audits, internal reviews, or executive reporting.

Liferaft simplifies audit preparation by maintaining a clear, documented record of activity. Audit logs track user actions and platform access, while usage reports provide visibility into how intelligence is collected and acted upon. Dossiers serve as a centralized evidence repository, making it easier to demonstrate due diligence, support investigations, and meet regulatory or internal compliance requirements during reviews.

Liferaft is designed for fast onboarding. Most teams can start collecting intelligence and receiving alerts within days of deployment. Setup is straightforward, from configuring watchlists and queries to integrating with existing tools. Our team provides hands-on support and training to accelerate adoption. Whether you’re a small team or a global GSOC, you can go from setup to actionable insights quickly.

Yes. Liferaft offers flexible seat options so you can tailor access to your team’s needs. In addition to full analyst seats, many organizations add View-Only seats to extend visibility to stakeholders without adding analyst overhead, or Dossier-Only seats for teams focused on investigations and reporting. This flexibility makes it easy to scale access across departments and ensure the right people have the right level of insight.

Liferaft’s pricing is designed to scale with your needs. Plans are based on the number of seats, data volume, and capabilities you require. Smaller teams can start with essential monitoring, while global programs can unlock enterprise-level visibility. Add-ons like People Search, Public Records, Global Awareness, and extended deep and dark web coverage let you tailor the platform to your risk profile. We’ll work with you to align a package that fits your goals, budget, and growth plans, ensuring you only pay for the capabilities you need.

Liferaft grows with you. Flexible packaging, modular add-ons, and enterprise features like Teams & Cases, audit logs, and advanced permissions make it suitable for small in-house teams, mid-size programs, and global security operations alike. As your needs evolve, you can expand coverage, increase data volume, and integrate with more systems without switching platforms.

Yes. Liferaft gives you control over how information is shared and accessed across your organization. You can define who has visibility into certain data, investigations, or projects based on their role and responsibilities, ensuring sensitive intelligence is only accessible to those who need it. Built-in access controls, activity tracking, and governance tools help maintain privacy, support compliance requirements, and keep collaboration secure without limiting the flow of critical information.

Liferaft is built to work alongside the tools you already use. It integrates with platforms like Kaseware, Resolver, TopoONE, and Everbridge, supports Authentic8 (A8) for safe investigations, and offers API access for custom workflows. This flexibility lets you push intelligence directly into your existing workflows.

Liferaft complements but doesn't replace your existing SIEM or SOAR platform. While SIEM and SOAR tools focus on internal network events and automated response workflows, Liferaft brings in the external picture, monitoring open-source intelligence (OSINT) from the surface, deep, and dark web. Through integrations with tools like Kaseware, Resolver, TopoONE, and Everbridge, and API access for custom connections, Liferaft feeds enriched, contextual intelligence into your security ecosystem so your internal and external data work together for faster, smarter decisions.

Liferaft makes it easier to measure performance and maturity. Executive and Analyst Dashboards visualize key metrics like response time, alert volume, and investigation throughput. Usage reports and audit logs show how your team is leveraging intelligence. These insights help large enterprises benchmark progress, identify gaps, and align threat intelligence programs with business objectives.

From data volume to operational complexity, Liferaft is designed for scale. The platform continuously collects from hundreds of thousands of sources across the surface, deep, and dark web, while features like Broad Collection, API access, and enterprise user controls support high-volume intelligence operations. Whether you’re monitoring one site or hundreds of assets worldwide, Liferaft delivers the visibility and control needed to operate confidently at scale.

Yes. Liferaft is designed to be powerful for analysts yet intuitive for non-technical users. The platform’s clean, modern interface and guided workflows make it easy for new users to configure alerts, run searches, and generate reports, often with little to no training. At the same time, features like custom queries, tagging, and integrations give more experienced users the depth they need. That balance helps teams of all skill levels collaborate effectively and get value quickly.

Getting started is simple. Once you sign, our team pairs you with a dedicated Customer Success Manager to guide onboarding from day one. Together, we’ll align on your risk priorities, configure watchlists, alerts, and dashboards, and train your team to get value quickly. Most customers begin seeing actionable intelligence within days. With ongoing support, best-practice recommendations, and expert guidance built in, Liferaft grows with you, helping your security team make smarter, faster decisions right from the start.

“The partnership you get from this company is phenomenal. It’s the people that makes this product.”

No. Liferaft does not use your organization’s data, searches, or investigation history to train our AI models. All AI-enabled capabilities are trained on separate, non-customer data sets. Your data remains private, secure, and isolated within your environment. This ensures that sensitive information stays protected and that AI-powered features operate within a framework that prioritizes privacy, compliance, and data integrity.

No. Liferaft isn’t designed to replace your SIEM or SOAR. SIEM and SOAR platforms manage internal security data, helping teams detect, correlate, and respond to events inside their networks and systems. Liferaft operates outside the perimeter, collecting, enriching, and contextualizing open-source intelligence (OSINT) from the surface, deep, and dark web.

No. Liferaft doesn’t take direct action to block domains, remove posts, or stop attacks, and that’s by design. Our platform focuses on detection, investigation, and decision support, helping your team understand risks before they escalate. Most customers connect Liferaft with their security infrastructure (like firewalls, SOAR, or incident response tools) to act on intelligence once it’s surfaced.

No. Liferaft is purpose-built for external threat intelligence and does not perform internal network scans, vulnerability assessments, or endpoint monitoring. Many customers pair Liferaft with internal security tools for full-spectrum visibility. We handle what’s happening outside your perimeter, while those tools monitor what’s inside.

No. Liferaft is strictly focused on open-source intelligence — data that is publicly available or legally accessible. We don’t attempt to bypass authentication, access private accounts, or scrape closed environments. This ensures our customers’ investigations remain legal, ethical, and compliant with global data-protection laws.

While Liferaft does not directly perform these services, we partner with trusted firms that do. Our detailed Dossiers provide the evidence and context those partners need to efficiently support takedown actions for malicious domains, fraudulent accounts, or leaked content.

No. Liferaft focuses on OSINT collection and analysis, we do not engage directly with threat actors or conduct human intelligence (HUMINT) operations. Our platform surfaces early-stage signals, patterns, and indicators so your team can investigate further or involve specialized partners where needed.

No. Liferaft is a software platform, not a physical security provider. We don’t offer on-the-ground response or guard services. Instead, we help those teams work smarter by providing the early intelligence, alerts, and investigative tools they need to plan, prepare, and respond proactively.

No. Liferaft focuses on open-source intelligence, not reverse engineering, malware analysis, or endpoint forensics. Many customers pair Liferaft with digital forensics or DFIR tools to investigate specific technical threats while using our platform for broader context and early warning.

No. Liferaft only collects publicly available or legally accessible data. It doesn’t bypass paywalls, scrape closed networks, or access private accounts, and that’s intentional. This ensures our customers’ investigations remain legal, ethical, and compliant with data protection laws.

No. Liferaft’s role ends with detection, analysis, and investigation support. We don’t run response playbooks or coordinate remediation. Most customers use Liferaft insights to inform and accelerate their existing incident response processes.