External Threat Management Analyst

Coming Soon to PassiveTotal: New Features, More Data, Better Investigations

Do you feel that there are too many disparate sources of information available? Having a hard time consolidating, correlating, and analyzing information? In today’s rapidly changing cyber threat environment, it’s hard to separate the signal from the noise. PassiveTotal, RiskIQ’s threat investigation tool, centralizes key internet data sets allowing cyber security analysts to cut through the noise and focus their investigations—and it’s about to get better.

Cyber threat actors are skilled at covering their tracks by masking and changing their infrastructure to avoid detection. For cyber security teams tasked with uncovering these tracks, it’s critical to understand how disparate pieces of infrastructure are connected and have changed over time. That's why PassiveTotal has become a central part of thousands of cyber threat research arsenals. The platform provides critical context about events, along with advanced analytics to help surface connections that might otherwise go unnoticed.

PassiveTotal’s ability to intelligently connect disparate elements of attacker infrastructure such as passive DNS, WHOIS, SSL certificates, and site metadata helps researchers accurately understand, triage, and address cyber security events. Over the past five years, PassiveTotal has accelerated and simplified cyber threat investigations for cyber security analysts and organizations all over the world.

PassiveTotal has accelerated and simplified research for analysts and organizations all over the world. Now it can make threat investigation even better.

The Next Generation of Cyber Threat Research

Adversaries are evolving, and so is our platform. Today, we announced the next generation of PassiveTotal. The redesigned platform will help cyber security analysts and researchers address a larger number of cyber threats in less time, using fewer resources.

The upcoming launch will be the biggest update to the PassiveTotal platform since it was released more than five years ago. Starting with what will be most obvious, we redesigned the user interface and focused our efforts on supporting the workflows of today’s cyber security analyst and research community.

Building on the incredible use of the heatmap of activity around domains and IPs, we’ve built new visualizations and interactions around the entire history of our observed changes.

PassiveTotal has accelerated and simplified research for analysts and organizations all over the world. Now it can make threat investigation even better.

RiskIQ’s ever-expanding data sets provide new context to adversaries’ infrastructure that’s not available anywhere else. With our upcoming update, we’re including deeper monitoring capabilities on our data sets, along with a completely new feature, PassiveTotal projects.

PassiveTotal projects help cyber security analysts organize and group related cyber threat infrastructure components found during investigations. Projects can be shared with other teams, like your corporate brand or marketing teams, as well as with other cyber security analysts around the world. For proactive analysis, a monitor can be set on an entire project, so if there is a change to any facet of a project, the project owner will be alerted.

PassiveTotal continues to bring power to the cyber security analyst by allowing them to:


  • Rapidly triage and gain context to events and attackers.
  • Set monitors on suspicious or potentially malicious infrastructure to be alerted to changes that could indicate weaponization or impending attack


  • Automatically aggregate and correlate data about a security event that would otherwise take days or hours of manual analysis
  • Get alerts about changes to specific infrastructure that you’re interested in, allowing for proactive monitoring and defense against unauthorized or unexpected changes


  • Uncover hidden facets of your attacker’s infrastructure and enrich investigations, so your cyber security teams understand your adversaries, their techniques, and their infrastructure
  • Proactively block malicious infrastructure that is related to known malicious organizations and actors

Save time, outsmart your adversaries, and defend your internet-exposed digital assets from attackers. The next generation of cyber threat research is coming soon. Sign up for PassiveTotal today and be among the first to get access to the new features and capabilities!

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor