Skip to content
wiki.fftac.org

What People Want From Osint Platforms - Source Excerpt 02 - Functional Requirements and Integrations

Back to What People Want From Osint Platforms

Summary

This source excerpt begins near Functional Requirements and Integrations and preserves the surrounding evidence from 2IA.org/agent-file-handoff/Archive/2026-05-16-publication-system-followup/What People Want From OSINT Platforms.md.

**Source path:** 2IA.org/agent-file-handoff/Archive/2026-05-16-publication-system-followup/What People Want From OSINT Platforms.md

2. **Geolocating and chronolocating events from images, video, and metadata.** Bellingcat calls geolocation “one of the main methods of open-source research,” GIJN highlights geolocation as a key investigative technique for reporters, and recent digital-forensics literature treats multimedia geolocation as increasingly important in cases such as human trafficking and child exploitation. citeturn23view1turn16view0turn9search11

3. **Finding nonobvious relationships among people, businesses, locations, devices, and events.** This is the classic link-analysis use case. Maltego’s law-enforcement and geospatial documentation emphasize surfacing connections across multiple data sources; LexisNexis due-diligence products repeatedly market the ability to uncover related businesses, individuals, assets, and suspicious activities; OpenCTI is built as a knowledge graph for entities and relationships. citeturn19view1turn23view0turn30view0turn16view13turn11search14

4. **Monitoring emerging incidents, threats, and narratives in near real time.** ASIS argues that private-sector security needs a more dynamic OSINT approach beyond one-off threat assessment, while Maltego Monitor and OpenCTI streaming features show how vendors now package live social, news, and event ingestion for operational response. citeturn14view0turn25search3turn25search1turn25search5

5. **Due diligence, sanctions, fraud, and third-party risk screening.** Corporate and financial investigators want OSINT to answer “who is this actor really connected to?” LexisNexis explicitly centers vendor screening, suspicious ownership, regulatory non-compliance, and ongoing monitoring; Bellingcat’s financial investigations unit uses OSINT to uncover illicit financial networks and opaque corporate structures. citeturn30view0turn30view1

6. **Threat-intelligence ingestion, enrichment, and sharing.** In CTI-heavy environments, the use case is less “hunt manually” and more “normalize, enrich, correlate, and distribute.” MISP emphasizes default OSINT feeds, open standards, and API interoperability, while OpenCTI provides connectors, feeds, live streams, and GraphQL automation. citeturn16view9turn16view8turn13view7turn13view8turn16view11

7. **Public-interest and community investigations.** Trace Labs crowdsources missing-person investigations and training; academic work on OSINT Research Studios and OSINT clinics shows growing interest in supervised, collaborative, and educational OSINT for real-world cases. citeturn13view17turn14view7turn28view1turn28view2

A useful analytical distinction comes from ASIS: open-source information is not yet intelligence until it has been processed, assessed, and disseminated to answer a requirement. Users therefore want OSINT platforms that shorten the path from raw public data to defensible analytic judgments. citeturn14view0turn14view2

## Functional Requirements and Integrations

Across the source set, the highest-priority functional requirements are these:

1. **Breadth and currency of data sources.** Users want access to public websites, social platforms, dark web sources, commercial records, mapping and satellite tools, transportation data, registries, sanctions data, threat feeds, and their own internal systems. Maltego’s Transform Hub, OpenCTI’s connectors and feeds, MISP’s default OSINT feeds, GIJN’s database-by-country resources, and LexisNexis due-diligence and public-safety offerings all point in the same direction: source breadth is foundational. citeturn12view2turn16view11turn13view8turn16view9turn16view6turn30view0

2. **Fast search, filtering, and entity resolution.** OpenCTI treats filters as a cross-platform primitive for lists, graphs, feeds, dashboards, and exports; Maltego supports Quick Find plus text, time, and number filtering; Hunchly uses tags and history filtering; LexisNexis emphasizes rapid search across thousands of sources. Search is expected to be precise, saveable, and sharable, not just full-text. citeturn23view3turn23view4turn22search2turn22search6turn19view2

3. **Preservation, hashing, provenance, and reproducibility.** Evidence capture is not optional. Hunchly’s evidence guide covers hashing, GPG signing, and deletion logging; Bellingcat built Auto Archiver to preserve disappearing content; College of Policing requires audit trails; NIST formalizes chain of custody. This is the most important functional/nonfunctional bridge in the market. citeturn14view5turn20view2turn31view1turn15view6

4. **Geolocation, timeline, and link analysis.** These visualization layers are not cosmetic. Users want to see where something happened, when it happened, and how entities connect. Bellingcat and GIJN center geolocation; OpenCTI exposes graph, timeline, correlation, and matrix views; Maltego adds precise geospatial link analysis and graph layouts. citeturn23view1turn16view0turn13view5turn23view0turn23view7

5. **Automation, feeds, and APIs.** This is especially essential for CTI, enterprise security, and larger investigative teams. OpenCTI exposes GraphQL APIs, connectors, live streams, TAXII, RSS, JSON, and CSV ingestion; MISP exposes open APIs, workflows, webhooks, and action modules. Heavy users want repeatable pipelines more than point-and-click workflows. citeturn13view7turn13view8turn25search1turn16view10turn16view8

6. **Multilingual and cross-lingual research support.** Amnesty states plainly that “human rights investigations are international by nature,” and shows how translation can reveal location, names, and context. Bellingcat’s own AI-geolocation work notes that one advantage of LLMs is searching in multiple languages. Multilingual work is not a niche requirement; it is core to cross-border investigations. citeturn23view2turn13view12

7. **Real-time monitoring and stream processing.** Public-safety, CTI, and corporate-risk teams increasingly want event- and region-focused dashboards, live news and social monitoring, and real-time stream consumption. Maltego Monitor and OpenCTI data streaming document that shift explicitly. citeturn25search3turn25search1turn25search5

8. **Collaboration and explainable reporting.** OSINT is rarely solo at professional scale. Users want cases, notes, annotations, shareable views, reports, and exports that show how conclusions were reached. OpenCTI supports analysis views and sharing; Hunchly packages client- and court-ready outputs; collaborative academic frameworks and community projects show why shared workspaces matter. citeturn13view5turn13view3turn28view0turn28view1

The table below compares feature salience by user group. “Critical” means the feature is consistently central to the persona’s primary workflow; “High” means it is important but not always decisive; “Moderate” means useful but not typically the first buying or adoption criterion.