Analyst

Elevate Your Investigations With Collaboration & Organization: PassiveTotal Projects

June 10, 2019

By Team RiskIQ

Projects within RiskIQ PassiveTotal make it easy for analysts to gather and share digital threat intelligence about current and ongoing digital threat investigations and known digital threat infrastructure. PassiveTotal Projects help you organize related digital threat infrastructure elements such as:

  • Domains
  • IPs
  • website trackers, and
  • WHOIS registrant information

Once organized, you can easily hand off investigations and share digital threat intelligence to other analysts or maintain an ongoing workspace for future research. These Projects include recent digital threat intelligence, many of which appear in the news, giving you a head start in your research.

As of June 2019, there are more than 1,600 public projects from 616 different contributors. Each of these is free to use by the entire security community. RiskIQ’s research team works closely with the analyst community and has published 41 curated public projects as starting points for new investigations. These Projects include recent threat intelligence, many of which appear in the news, giving you a head start in your research.

Featured RiskIQ Projects:

Magecart: https://community.riskiq.com/projects/29b34d00-0e49-ad5f-4886-8cd89deb9692

Wannacry: https://community.riskiq.com/projects/cc66064c-f94d-4b84-6bcc-4ff3cf51afa9

Fancy Bear: https://community.riskiq.com/projects/595028e7-753c-d437-444b-85689817dd8b

Learn more about Projects at https://help.passivetotal.org/ or create a project now.

Proactively Track Digital Threat Infrastructure Changes with PassiveTotal Monitors

Keeping track of activity on known malicious infrastructure can provide security operations groups with the needed insight to actively defend their networks. PassiveTotal allows you to view artifacts of interest for changes across data sets, making it easy for you to keep tabs on bad actors proactively.

Leveraging the datasets from RiskIQ, our monitoring framework will inspect for differences in resolutions, WHOIS records, data records, and associations. With the latest release of our monitoring framework, we have added support for the following datasets:

  • Passive DNS
  • WHOIS records
  • Keywords
  • SSL Certificates
  • Open Source Intelligence
  • RiskIQ’s Blacklist entities

By utilizing Monitors, you can automate a critical portion of your workflow. Instead of constantly checking for changes in infrastructure, or worse, missing them altogether, you’ll now be notified both in email and the PassiveTotal platform. These alerts are also available through our API, allowing you to automate the responses.

PassiveTotal monitors provide you with real-time, in-platform, notifications of alerting entities. Additionally, you can also receive an email digest outlining the specific changes that occur for each artifact you’re monitoring. The digest includes a summary in the email and CSV attachments for each data set with crucial information about what changed.

With Projects, RiskIQ PassiveTotal makes it easy for analysts to gather and share information about current and ongoing digital threat investigations and digital threat intelligence.

Learn more about Monitors at https://help.passivetotal.org/infrastructure_monitoring.html OR Add to A Project Now

Have Questions? Open a chat in PassiveTotal!

Featured Posts

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor