Skip to main content

1. Brand monitoring

Goal: know within minutes when your brand, product, or executives are mentioned at unusual volume, and who is saying what. Minimum tier: See (for watchlists and evidence).

Setup

Create a watchlist for your brand keywords and domain. 
curl -X POST https://intel-v1.exorde.io/v1/watchlists \
  -H "X-API-Key: $EXORDE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "acme-brand",
    "base_topic": "global",
    "terms": [
      {"type": "keyword", "value": "acme"},
      {"type": "phrase",  "value": "acme ceo"},
      {"type": "domain",  "value": "acme.com"}
    ]
  }'

Daily loop

  1. Pull volume to spot anomalies: GET /v1/watchlists/{id}/volume.
  2. Pull top entities to see who is being named: GET /v1/watchlists/{id}/entities.
  3. Pull the narrative to read the storyline: GET /v1/watchlists/{id}/narrative.
  4. Drill into posts for the spike: GET /v1/watchlists/{id}/posts.

Push mode — webhook alerts

Register a subscription so spikes come to you. 
curl -X POST https://intel-v1.exorde.io/v1/subscriptions \
  -H "X-API-Key: $EXORDE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "watchlist",
    "target_id": "wl_01HXYZ...",
    "sensitivity": "medium",
    "webhook_url": "https://hooks.slack.com/services/..."
  }'
sensitivity: medium is the right default — high only fires on large deviations, low produces noise.

2. Crisis detection — cyber incidents, breaking events

Goal: be first to know when a new incident, CVE, ransomware event, or outage is breaking in the conversation. Minimum tier: See for clusters and evidence, Watch is enough for volume alerts.

Awareness loop (Watch-tier, 60 seconds of setup)

curl https://intel-v1.exorde.io/v1/topics/cyber/alerts \
  -H "X-API-Key: $EXORDE_API_KEY"

curl https://intel-v1.exorde.io/v1/topics/cyber/volume \
  -H "X-API-Key: $EXORDE_API_KEY"

curl https://intel-v1.exorde.io/v1/topics/cyber/narrative \
  -H "X-API-Key: $EXORDE_API_KEY"
The alerts endpoint surfaces volume spikes, coordination signals, and new cluster emergences with confidence scores.

Investigation loop (See-tier)

When an alert fires: 
curl https://intel-v1.exorde.io/v1/topics/cyber/clusters \
  -H "X-API-Key: $EXORDE_API_KEY"

curl https://intel-v1.exorde.io/v1/topics/cyber/clusters/CLUSTER_ID/posts \
  -H "X-API-Key: $EXORDE_API_KEY"

curl https://intel-v1.exorde.io/v1/topics/cyber/entities \
  -H "X-API-Key: $EXORDE_API_KEY"
Clusters group posts by semantic similarity, so each cluster is one coherent incident or storyline. Pulling /posts for the cluster gives you the evidence trail — authors, platforms, first-seen timestamps, linked IOCs.

Push mode

curl -X POST https://intel-v1.exorde.io/v1/subscriptions \
  -H "X-API-Key: $EXORDE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "topic",
    "target_id": "cyber",
    "sensitivity": "high",
    "webhook_url": "https://your-soc-webhook.example.com/intake"
  }'

3. Disinformation and coordinated narrative tracking

Goal: identify synthetic campaigns, bot clusters, narrative injections, and deepfake claims before they go mainstream. Minimum tier: See (for clusters and evidence), Know recommended (for watchlist clusters and editorial reports).

The daily sweep

curl https://intel-v1.exorde.io/v1/topics/disinfo/narrative \
  -H "X-API-Key: $EXORDE_API_KEY"

curl https://intel-v1.exorde.io/v1/topics/disinfo/narratives \
  -H "X-API-Key: $EXORDE_API_KEY"

curl https://intel-v1.exorde.io/v1/topics/disinfo/clusters \
  -H "X-API-Key: $EXORDE_API_KEY"
Each cluster carries a coordination score weighted across temporal concentration, domain concentration, language uniformity, and cadence regularity. High-coordination clusters are your priority queue.

Deep-dive on a suspicious cluster

curl https://intel-v1.exorde.io/v1/topics/disinfo/clusters/CLUSTER_ID/posts \
  -H "X-API-Key: $EXORDE_API_KEY"

curl https://intel-v1.exorde.io/v1/topics/disinfo/platforms \
  -H "X-API-Key: $EXORDE_API_KEY"
Platform breakdown shows you whether the narrative is concentrated on one platform (telltale of single-vector operation) or genuinely cross-platform.

Track a specific campaign over time

curl -X POST https://intel-v1.exorde.io/v1/watchlists \
  -H "X-API-Key: $EXORDE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "campaign-xyz",
    "base_topic": "disinfo",
    "terms": [
      {"type": "phrase",  "value": "stolen election"},
      {"type": "entity",  "value": "operation-xyz"},
      {"type": "domain",  "value": "suspicious-site.tld"}
    ]
  }'
Then query watchlist clusters (Know tier) and narrative over rolling windows.

Editorial intelligence (Know tier)

For teams that need a weekly human-curated analytical brief: 
curl https://intel-v1.exorde.io/v1/topics/disinfo/reports/latest \
  -H "X-API-Key: $EXORDE_API_KEY"

curl https://intel-v1.exorde.io/v1/topics/disinfo/reports \
  -H "X-API-Key: $EXORDE_API_KEY"

Other patterns

These are common starting points; the building blocks (topics, watchlists, clusters, entities, narratives, evidence, alerts) compose into more.
  • Competitive intelligence — watchlist per competitor, daily volume + entities poll.
  • Election integritydisinfo topic + custom watchlist per candidate, coordination score triage.
  • Financial risk surveillancefinance topic, watchlist per portfolio ticker, volume alerts wired into a trading-desk Slack.
  • Executive protection — watchlist per VIP, high sensitivity webhook to a 24/7 intake.
Contact [email protected] to discuss bespoke use cases, private curated topics, or enterprise deployment.