Integrations

Overview

Diverg integrates with messaging platforms, automation tools, and external data providers. This page covers how to connect them and what each integration does.

Telegram

Receive investigation results and alerts directly in Telegram. You can:

• Get a summary when an investigation completes (with link to full report)
• Run quick checks from a bot (e.g. submit a URL or wallet and get a condensed result)
• Use Telegram for monitoring alerts (e.g. wallet activity, new vulnerabilities)

Setup is done in the Diverg dashboard: connect your bot token and choose the channel or chat where you want delivery.

CLI

The Diverg CLI runs on your machine and talks to the Diverg API. Use it for:

• One-off investigations from the terminal
• Scripts and automation (e.g. run a scan on every deploy)
• CI/CD pipelines (GitHub Actions, GitLab CI—plugins coming soon)

You authenticate with your API key; installation and usage instructions are provided when you get access. See Installation.

Webhooks

Register a URL to receive HTTP callbacks when jobs complete or when monitoring rules fire. Useful for pushing results into Slack, internal dashboards, or ticketing systems. Payloads include job ID and summary; you can then fetch the full report via API if needed.

Third-party API keys

To get the most from Diverg, you can configure API keys for blockchain data and web/OSINT tools. Keys are set in the dashboard (or via config in enterprise deployments). Without them, Diverg still runs but marks certain checks as skipped. See Fact-Only Reporting and Installation.

Blockchain data integrations

Our blockchain investigation pipeline uses five core data sources. Each adds a layer of depth—from on-chain state and token metadata to wallet attribution, flow mapping, and social linkage.

Arkham

What it is: Address intelligence and entity labeling across chains.

Value: We use the Arkham Intel API to attach labels and entities to wallet addresses—exchange deposits, known protocols, high-value wallets, and risk tags. That turns raw addresses into named actors (e.g. “Binance 1”, “Raydium LP”) and supports attribution and risk scoring.

What it lets us do deeper: Identify whether a wallet is tied to a CEX, protocol, or known entity; cross-reference target wallets against Arkham’s entity graph; improve report narratives with human-readable labels; flag high-risk or sanctioned entities when present in Arkham’s dataset. Request access at Arkham Intel API. Set ARKHAM_API_KEY in your environment.

Solscan

What it is: Solana block explorer and data API for tokens and holders.

Value: We use Solscan’s API for token holder counts, token metadata (name, symbol, supply), and explorer links. It gives us a quick view of who holds a token and how concentrated ownership is—essential for assessing distribution and potential manipulation.

What it lets us do deeper: See total holder count and top holders for any SPL token; pull metadata (name, symbol, decimals) for the token of interest; generate direct Solscan links in reports for manual verification; support “who holds this token” and “how concentrated” questions in investigations. Uses the public Solscan API.

Helius

What it is: Solana RPC and data platform offering Wallet API, DAS (Digital Asset Standard), and Enhanced Transactions.

Value: We use Helius for wallet identity, funded-by (who first funded a wallet), balances (tokens + USD for top assets), parsed history and transfers, Enhanced Transactions (human-readable type/source: SWAP, TRANSFER, NFT_SALE, etc.), and DAS (portfolio and single-asset metadata). One provider gives us both “who is this wallet” and “what did it do.”

What it lets us do deeper: Resolve wallets to known entities (exchange, protocol, KOL, scammer) via the Wallet API; trace funding source (first SOL in)—critical for sybil detection and attribution; build a full portfolio view (tokens + NFTs) and parsed tx history without raw RPC parsing; filter and analyze by transaction type and source. Get keys at Helius Dashboard. Set HELIUS_API_KEY.

FrontrunPro

What it is: Solana-focused intelligence and “smart money” platform, with a public Address Finder and an optional paid API.

Value: We integrate Address Finder (no API key) to go from a Twitter @handle or wallet fragment to a full Solana address. Optionally, with the paid API we can pull linked wallets, KOL follow lists, and CA history for deeper network mapping.

What it lets us do deeper: Social → chain: take a Twitter handle (or partial address) and resolve it to a Solana wallet for cross-referencing with our wallet list and reports; attribution—link public identities (e.g. promoters, team) to on-chain addresses; with the paid API: map wallet clusters and KOL/smart-money connections. No-cost: use Address Finder. Paid API: set FRONTRUNPRO_API_KEY and FRONTRUNPRO_BASE_URL.

Bubblemaps

What it is: Visual token flow and cluster analysis on Solana—who holds what, how tokens moved, and how wallets cluster.

Value: We use Bubblemaps via links in our reports (no API in-pipeline) to visualize flows and clusters around a token or set of wallets. It answers “how did this token move?” and “do these wallets cluster?” in a way that’s hard to get from raw tables.

What it lets us do deeper: Flow visualization—see token movement and concentration over time; cluster detection—identify wallet clusters (e.g. same funder, same behavior); narrative support—give reviewers a clear visual to back written findings; top holders and distribution—complement Solscan/Helius holder data with a spatial/cluster view. Used as a linked resource from investigation reports.

Summary: Together, Arkham (labels, entities), Solscan (holders, metadata), Helius (identity, funded-by, DAS, enhanced tx), FrontrunPro (social → wallet, clusters), and Bubblemaps (flow and cluster visuals) let us move from raw addresses and tx lists to attribution, funding trails, social linkage, and visual flow analysis—so we can go deeper on any Solana-focused investigation.

Solana ecosystem security framework

Diverg now includes a structured integration path for Solana ecosystem security operations. We transform public framework guidance into machine-readable profile outputs that render consistently across investigation and scanner surfaces, with dashboard-first action prompts.

• Framework references: Solana ecosystem program overview, STRIDE methodology, and SIRN intake path.
• Tier mapping: TVL-aware eligibility context for active monitoring and formal verification readiness.
• Incident workflow hooks: response owner, escalation contacts, and first-15-minute containment checklist prompts.
• Watchlist compatibility: profile sections are structured for future watchlist-triggered workflow automation.

Reference material: Solana ecosystem security, STRIDE, and SIRN request. For operational usage, start from the dashboard Solana Security Program card and use this page as supporting documentation.

Enterprise

On-premise and enterprise customers can add custom integrations: SSO (SAML/OIDC), threat-intel feeds, and internal tools. Request a booking at [email protected] to discuss.