December 9, 2016, Brandon Dixon
Over the last three years, the need for dedicated threat analysis teams and incident responders has grown exponentially. Having a dedicated hunting team or set of researchers on staff has become commonplace, which has created a steep demand for analysts.
To help prepare and educate the new analysts who will fill these ranks, RiskIQ now provides guided tours, information context bubbles, and integrated blog data in the PassiveTotal platform. These features offer best practices and explain the importance of each dataset and how to pivot between them.
Fig-1 The ‘Tours’ tab in the top right of the PassiveTotal home page
Located in the top-right corner of the app navigation is a ‘Tours’ link that offers step-by-step walkthroughs for “Search Results” and “Projects.” Clicking either of these items begins a guided tour, and we’ll be introducing more PassiveTotal guided tours shortly.
Fig-2 A guided tour of PassiveTotal’s search results
Each step contains a high-level title and a brief overview of how to utilize the feature, interpret the data or use the platform. While the concept is simple, it’s not always obvious to new analysts how to conduct a search or what they can do with the results. We hope that these PassiveTotal guided tours make it easier to understand the functions of the platform and how to begin leveraging the data sets and pivots between them in daily workflows.
Fig-3 An information bubble for trackers
Data sets like “trackers,” “host pairs,” and “components” are incredibly powerful for making connections between infrastructure, but this data hasn’t been available from any sources outside of RiskIQ. To help, several information bubbles (an “i” in a black circle) are placed throughout the platform and show a simple explanation when you hover over them. These icons add context to information that may be unknown or unclear.
Fig-4 Nice job finding the RiskIQ blog!
Last, but not least, we added a direct feed of the RiskIQ blog into the platform. The blog includes several different discussions, research ideas, thoughts on security, webinars, analysis, and reporting from our research team.
RiskIQ’s motto is “knowing is the best defense” and PassiveTotal provides a plethora of knowledge if you know how to use it. It’s in our DNA to not only produce the best possible product for performing threat analysis but also to make every attempt to simplify the process and educate the next generation of analysts. These features are our first major step in adding more education to the platform, but certainly not our last.
Sign up for a free PassiveTotal account to check out the new features, and see what else is new in the platform here. If you’re already a user, click here to log in and experience our new education features.