External Threat Management Analyst

RiskIQ Brings Microsoft’s Security Solution Suite to RiskIQ PassiveTotal

In incident response, speed and visibility are everything, but they can’t be achieved without a 360-degree view of your attack surface. 

RiskIQ PassiveTotal now integrates directly with Microsoft Defender and Azure Sentinel, bringing Microsoft Defender endpoint telemetry and Azure Sentinel alert data directly into the PassiveTotal threat hunting platform. This combination of RiskIQ and Microsoft data enriches threat infrastructure data with pertinent SIEM alerts and endpoint details, shown alongside RiskIQ's rich Internet intelligence, to speed up and supercharge investigations.

RiskIQ and Microsoft joint customers can enable integrations for both Microsoft Defender and Azure Sentinel separately in their organization's account settings in RiskIQ PassiveTotal. Once enabled, analysts can pivot across RiskIQ data during an investigation to understand all the related infrastructure affecting impacted endpoints or existing security tickets. 

Users can quickly pivot across RiskIQ data sets from Sentinel alerts

RiskIQ PassiveTotal aggregates data from the entire internet, absorbing intelligence to identify threats, attacker tools and systems, and indicators of compromise (IOCs). As users pivot between RiskIQ data sets, corresponding SIEM and endpoint data are automatically searched and presented to instantly show if a threat has been in their local environment. This way, companies can stay a step ahead of their adversaries and optimize their attack surface management.

Endpoint data from ATP is overlaid with RiskIQ's powerful external data sets

Once enabled, joint customers of RiskIQ and Microsoft will see a new "Microsoft" tab within their PassiveTotal search results. This tab splits into multiple sub-tabs, each populated according to which product has been enabled.

Sentinel and ATP tabs in RiskIQ PassiveTotal

Key benefits include:

  • Automated enrichment
  • Accelerated investigations
  • Streamlined and improved threat hunting
  • Detection of threats before impact
  • Elimination of coverage gaps

Now, more than ever, organizations need to measure their attack surface and ensure they have resilience baked into their documented response procedures. Microsoft's cloud-native security solutions, when combined with RiskIQ, have the potential to reshape how security teams operate, seamlessly integrating RiskIQ's comprehensive external visibility with Microsoft's advanced threat detection, AI, and orchestration. With both internal and external intelligence instantly correlated in one place, incident responders can accelerate their investigations, respond to incidents with more confidence, and be more proactive in addressing threats.

Those looking to get started with this powerful integration can register for Community edition and input their Microsoft API credentials to see the Microsoft tab show up within the interface. To learn more, visit the solutions brief here. 
