SophosLabs Intelix

Supports informed decisions by providing detailed, explainable, and proven threat intelligence.

See Intelix in Action

High-Fidelity Threat Intelligence

SophosLabs Intelix provides threat classification and deep analysis for known clean and malicious objects, including files, web pages, and IP addresses. Receive detailed analysis and just-in-time verdicts for suspicious threat objects.

Intelix is integrated into all Sophos products, providing zero-day protection and threat classification. Customers can incorporate Intelix into products, services, and infrastructure via APIs from the AWS Marketplace or OEM partnerships.

Delivered from SophosLabs' cloud, it provides security without impacting performance. Intelix is the only place where all Sophos detection technologies are applied simultaneously.

SophosLabs Intelix Logo

Use Cases

Incremental Protection

Sophos products, such as Sophos Firewall and Sophos Email, and other Sophos products can submit suspicious files to Intelix for deep analysis to accurately detect zero-day threats.

When detonating a file, Intelix sees the entire attack chain, allowing informed security decisions based on the exhibited behaviors, not just the initial file.

Leveraging the scalability and power of the cloud, Intelix can perform more detailed analysis than what's possible on an endpoint or firewall. Intelix includes decades of threat research and machine learning to provide the best conviction of malicious content.

Detailed Analysis

Threat hunters and security analysts rely on protection and detection technology to review and investigate suspicious behavior. Detailed and relevant intelligence is vital to support informed decisions throughout every investigation.

Sophos Intercept X with XDR integrates with Intelix to provide timely and relevant information, reducing the time required for analysts to make informed decisions.

Build Your Own Integration

Intelix can easily integrate into any application or environment and add valuable threat intelligence through API requests. It is available via AWS Marketplace for developers to integrate with existing infrastructure or, via OEM partnerships to build and sell in your product.

Add to your infrastructure

Add to your product

Professional Services

See the Power of Intelix Today

See Intelix in Action

Sophos Intelix


RESTful Threat Analysis and Intelligence

Augment Your Cybersecurity with our API Driven Platform

Powered by machine learning, decades of threat research, and petabytes of intelligence, SophosLabs Intelix™ gives your app superpowers to identify, classify, and prevent threats. Designed for easy integration into any application, augmenting your cybersecurity is only an HTTP request away.

DatasheetTry Now

Tap Into The Intelligence That Powers Sophos

SophosLabs Intelix™ is developed by the critically acclaimed, global Tier-1 threat research lab, SophosLabs, and used in all of Sophos’ industry leading cybersecurity solutions. Command the power of 30-plus years of SophosLabs experience in threat research and analysis through a suite of simple and rapid-response, RESTful APIs.


Powered by Data Science

Take advantage of industry-leading data science research into predictive analysis and detection through deep learning artificial neural networks and advanced learning and modelling techniques.


More Than Just Answers

Rich intelligence reports provide you with more than just the Good, the Bad, and the Unknown but actionable insight into the nature and capabilities of a threat so you can answer the hardest questions.

Comand line interface

Data Quality and Breadth

Curated, aggregated, and consolidated threat intelligence sourced from disparate and complementary data sources with global visibility including intelligence derived from Sophos-protected networks and endpoints.

Data Sources

  • Sophos Telemetry
    (Network, Endpoint, Mobile)
  • Honeypots
  • File Submissions
  • Industry Intel Sharing
  • Spam Traps
  • Subscriptions
  • Web Crawlers
  • Open Source
Intelix logo


Global Reputation

Static Analyzers

Dynamic Analysis (Sandbox)

Machine Learning

Deep Learning

Threat Research

Reverse Engineering

API Services

  • Cloud Threat Lookups
  • Static File Analysis
  • Dynamic File Analysis

Three Easy to Use APIs

Cloud Threat Lookups

Take advantage of industry-leading data science research into predictive analysis and detection through deep learning artificial neural networks and advanced learning and modelling techniques.

Static File Analysis

Harness the power of multiple machine learning models, global reputation, deep file scanning, and more without needing to execute the file in real time.

Dynamic File Analysis

Detonate malware in real-time in a sandbox utilizing the latest analysis techniques for unmatched visibility into malicious files among the unknown and reveal the true nature and capabilities of a potential threat.

Never Trade Security for Performance

Triage with rapid lookups, deep dive with granular file analysis

With our progressive suite of intelligence APIs, quickly identify known threats via Cloud Threat Lookups before moving on to file uploads for detailed analysis with both Static File Analysis or Dynamic File Analysis.

See Documentation