Data Sources

Sentinel utilizes publicly available data sources to maintain up-to-date threat intelligence while remaining self-hosting friendly.

Firehol IP Lists

Sentinel integrates with FireHOL IP Lists to identify:

Malicious IP addresses (level1)
Known proxy servers (proxies)
Active TOR exit nodes (tor_exits)

Default Lists

Level 1 Threats: firehol_level1
Proxy Servers: firehol_proxies
TOR Exits: tor_exits

Custom Configuration

Override default sources using these environment variables:

FIREHOL_LEVEL1_URL=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
FIREHOL_PROXIES_URL=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxies.netset
FIREHOL_TOR_EXITS_URL=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/tor_exits.ipset

Disposable Email Domains

Sentinel detects temporary email addresses using domains from:

disposable-email-domains

Custom Configuration

Override the default source:

EMAIL_LIST_DISPOSABLE=https://raw.githubusercontent.com/disposable-email-domains/disposable-email-domains/master/domains.txt

High-Risk Countries

Country List

Below is a list of high-risk countries identified based on observed levels of cyberattacks and spam activity. This includes countries such as the United States, China, and India. Sentinel will treat access from these locations as high-risk, which may trigger stricter security measures.

To avoid unnecessary restrictions for your users, you can whitelist specific country codes using the HIGH_RISK_COUNTRIES_EXCLUDE environment variable.

ISO Code	Country Name
ir	Iran
kp	North Korea
cu	Cuba
sy	Syria
by	Belarus
cd	Democratic Republic of the Congo
ru	Russia
ly	Libya
cf	Central African Republic
iq	Iraq
mm	Myanmar (Burma)
lb	Lebanon
so	Somalia
ve	Venezuela
zw	Zimbabwe
cn	China
sd	Sudan
us	United States
il	Israel
vn	Vietnam
in	India
pk	Pakistan
br	Brazil
ng	Nigeria
ua	Ukraine

Supporting These Projects

These data sources are freely available. Consider supporting the maintainers: