Odin -
Internet Scanning Tool

ODIN.io is a threat-hunting platform that maps the entire internet, indexing billions of IPv4 hosts and petabytes of exposed data. Its target users are security analysts, threat researchers, red teams, and incident responders who need to:

• Discover vulnerabilities in assets they own or monitor.
• Investigate suspicious entities (IPs, domains, hashes, buckets).
• Perform recon on exposed infrastructure across the web and dark web.

ODIN Search is a powerful open-source intelligence (OSINT) platform used by cybersecurity professionals to investigate digital assets, exposures, and indicators of compromise. Despite its technical robustness and access to rich datasets, users experience a steep learning curve and cognitive overload due to a query-only interface heavily reliant on Lucene syntax.

User research revealed that while expert users appreciate the control and depth Lucene offers, intermediate and novice users struggle to construct meaningful queries, navigate the interface, and interpret results efficiently. This disparity leads to inconsistent user experiences, decreased retention among new users, and reduced productivity for analysts under time pressure.

Additionally, the lack of visual hierarchy, intuitive filtering, and in-product guidance causes users to:

• Abandon searches due to failed syntax,
• Rely heavily on external documentation or community support,
• Miss out on critical insights hidden in less discoverable sections of the UI.

In an increasingly time-sensitive and high-stakes threat detection environment, users need a search experience that is:

• Flexible for experts,
• Guided for beginners,
• And efficient for daily operational tasks.

How might we redesign the ODIN search experience to support both novice and expert users—by improving discoverability, reducing friction in query construction, and enabling faster investigative pivots—without compromising the platform’s technical depth?

1. Discover – Understanding the Problem

Goals:

• Identify user pain points in the search experience.
• Understand how users currently interact with ODIN.

Methods Used:

• User Interviews & Think-Aloud Protocol
  Observed how cybersecurity professionals search for IPs/domains, their thought process, and where friction occurred.
• Heuristic Evaluation
  Applied usability heuristics to assess flaws in the search interface.
• Analytics & Heatmap Tools
  Used Google Analytics and Hotjar to track drop-offs, click patterns, and session recordings.
• Competitor Analysis
  Reviewed platforms like Shodan, BinaryEdge, LeakIX, and ZoomEye to benchmark features.
• User Surveys
  Quantified user frustration and expectations for filters, sorting, and speed.

2. Define – Framing the Core Problems

Activities:

• Affinity Mapping
  Clustered data from research into themes: usability issues, filter confusion, inconsistent result layout.
• Persona Creation
  Created profiles for two key users: a Pen Tester and a Threat Analyst.
• Empathy & Journey Mapping
  Tracked emotions, pain points, and goals at each search stage.

Problem Statements“Users are unable to efficiently find relevant information due to lack of filtering, unclear result labeling, and poor information hierarchy.”

3. Develop – Ideating Solutions

Activities:

• Ideation Workshops
  Brainstormed solutions like advanced filters, collapsible result cards, and interactive search previews.
• Wireframes & Low-Fidelity Prototypes
  Sketched new layouts for search results with better hierarchy and customization.
• Design Reviews
  Collaborated with engineers and stakeholders to align on feasibility and user impact.

4. Deliver – Testing & Iterating Final Designs

Activities:

• High-Fidelity Prototypes
  Created using Figma. Included advanced filters, pinned searches, preview cards, and improved data layout.
• Usability Testing
  Measured task success, completion times, and user satisfaction.
  Conducted A/B tests comparing old vs new layouts.
• Iterative Refinements
  Incorporated feedback to finalize the MVP-ready design.
Outcome:
• Improved engagement & search efficiency
• Better clarity, fewer drop-offs, and increased satisfaction
• Used in pitch that helped raise $24M in funding

Objective

To understand the current user experience, pain points, and expectations of cybersecurity professionals using ODIN’s search platform, especially in context of dark web scanning and information gathering.

Participant Profile

We interviewed 6 participants across different cybersecurity roles:

After conducting user interviews, we organized the insights into clusters to identify recurring themes, pain points, and opportunities for design improvement. Using digital sticky notes in FigJam, we grouped similar responses to form clear categories.

Grouped Insights

1. Search Experience & Efficiency
• “I don’t always know what syntax to use.”
• “Auto-suggestions would save me time.”
• “Search feels flat — everything looks the same.”
• “Search results lack hierarchy or sorting options.”
2. Data Interpretation Challenges
• “I get tons of results but can’t figure out what’s most important.”
• “It’s hard to tell which sources are trustworthy.”
• “Timestamp clarity is missing — when was this leaked?”
3. User Interface & Visual Clarity
• “Feels like information overload.”
• “Switching between tabs breaks my flow.”
• “Table view is dense and hard to scan quickly.”
4. Workflow Interruptions
• “I often lose my query and have to redo the search.”
• “No way to bookmark or save searches — very frustrating.”
• “I want a recent searches panel.”
5. Comparison with Competitors
• “Shodan gives me cleaner results.”
• “ZoomEye has better filters for specific queries.”

Based on the interview and affinity map, we crafted user personas to represent key user archetypes. These personas guide our design decisions by keeping user needs front and center.

Alex – The Threat Intel Analyst

Basic Info:

• Name: Alex
• Age: 32
• Occupation: Threat Intel Analyst
• Location: California, USA
• Experience: 4 Years

Goals:

• Identify exposed data quickly during investigations.
• Save and revisit frequent search queries.

Frustrations:

• No saved query history.
• Results feel unprioritized and overwhelming.

Quote

“I need to make quick decisions based on data, but ODIN slows me down with too much noise.”

Priya – The Security Researcher

Basic Info:

• Name: Priya
• Age: 29
• Occupation: The Security Researcher
• Location: California, USA
• Experience: 5 Years

Goals:

• Use ODIN for deep reconnaissance and enrichment.
• Export clean datasets to compare with internal tools.

Frustrations:

• Missing advanced filtering options.
• UI doesn’t scale well with deep or complex queries.

Quote

“The potential is great, but I struggle to extract usable insights from the raw data.”

We mapped out the end-to-end journey of a typical user (Raj, our Threat Intel Analyst persona) interacting with ODIN’s search feature to uncover critical moments of friction and opportunity.

Based on our research and mapping, we identified the core user problem:
Security analysts using ODIN’s search feature struggle to extract meaningful insights quickly due to a lack of guidance, overwhelming results, and the inability to revisit or organize search queries efficiently.

How Might We (HMW) Questions

To fuel ideation, we reframed the problems into design opportunities:

• How might we help users build effective queries without needing to remember complex syntax?
• How might we present results with visual hierarchy to help users prioritize data faster?
• How might we reduce context switching while exploring detailed records?
• How might we enable users to save, manage, or revisit their search workflows easily?
• How might we make ODIN feel more like a power tool and less like a raw data dump?

To evaluate ODIN’s position in the threat intelligence landscape, we conducted a competitive UX review of four major platforms: Shodan, BinaryEdge, ZoomEye, and LeakIX. The goal was to understand how these tools support search workflows and identify UX best practices ODIN could adopt or improve upon.

Key Takeaways

• Most competitors fail at onboarding: Advanced users thrive, but new users struggle.
• Complex filters ≠ intuitive search: Guidance, not just power, makes a search tool usable.
• Visual overload is common: The market lacks clean interfaces that guide focus effectively.

The objective of the UX redesign of ODIN’s search experience was to streamline complex search tasks, reduce friction, and enhance usability, particularly for cybersecurity professionals relying on precision and efficiency. The improvements aimed to increase user satisfaction, reduce drop-off, and ultimately support the company’s revenue growth by improving retention and feature adoption.

Based on research insights, competitor gaps, and user pain points, I focused on crafting design solutions that balance functionality, clarity, and efficiency—especially for threat analysts working under pressure.

Design Goals

1. Reduce cognitive overload during search and result analysis.
2. Empower all users (novices to experts) with accessible query-building tools.
3. Streamline navigation and remove dead-ends or friction points in the workflow.
4. Improve scannability and prioritization in search results.
5. Facilitate continuity through saved searches and reusable sessions.

UX Principles Applied

The redesign of ODIN’s search experience was driven by a deep understanding of user behavior, pain points, and expectations within a technical and data-heavy environment. Through user interviews, usability testing, and competitor benchmarking, we identified critical friction points in the search journey and addressed them with targeted UX solutions — including smart suggestions, query assistance, improved result hierarchy, and contextual views.

The outcome was not only a significant improvement in user satisfaction and search efficiency but also measurable business impact: higher conversion rates, reduced churn, and fewer support tickets. The new experience empowers users to explore cybersecurity data with clarity, speed, and confidence — aligning usability with the power of ODIN’s capabilities.

This case study highlights how user-centered design, when combined with data-driven decisions, can transform a powerful but complex tool into an accessible and engaging product that drives growth.