May 19, 2016 Speeding Up Analysis With the recent addition of RiskIQ internet scanning and web crawling data into the platform, I find myself leaning heavily on our enrichment data to guide my analysis. Digging into an investigation and sifting through mountains of data for clues as to who is behind an attack campaign and how large that campaign is can […]
May 17, 2016 Web Crawl to Infrastructure Blowout In our last blog post, we broke apart the RiskIQ web crawlers and outlined all the content they collect when browsing the Internet. This was helpful in understanding the data, but it didn't really provide a good example of how we use this content to link to actor infrastructure. For this post, we are going […]
April 19, 2016 Derived Host Pairs from Web Crawling Did you realize that in loading this blog post, your web browser made over 50 network requests for resources in order to construct it? The modern web is a complex graph of dependent requests made up of images, code libraries, page content and other references. Every day, RiskIQ's crawling technology makes nearly 2 billion HTTP […]
April 6, 2016 Bring PassiveTotal Directly to Splunk Users have asked, and now it’s here. With the all-new PassiveTotal App for Splunk, organizations can now bring context to external threats, analyze attack data, and correlate that information with their internal event data to pinpoint and remediate threats, all in one place. How does it work? To […]
April 1, 2016 PassiveTotal Discovers Nation State Infrastructure Nexus As analysts, we are used to the common logic of “if it’s too good to be true, then it probably is”, but every now and then, leads that fall into this category pan out. Steve and I have been investigating a set of infrastructure for over 9 months now and it’s finally to a point […]
March 31, 2016 MISP: Sharing Done Differently One of the awesome things about the security community is its close relationship with development and learning. It's not uncommon to find open source tools or free solutions that can be leveraged in order to protect your organization from a range of different threats. MISP is one of those solutions and they do a killer […]
March 29, 2016 Local Triage with ThreatNote and PassiveTotal If it's not clear by our previous postings, we have been making a push to get PassiveTotal data into as many platforms and tools as possible. You may ask yourself why, but the truth of the matter is that each analyst has their own workflow and process. We realize we can't be all the things […]
March 17, 2016 Self Driving Transforms: Maltego Machines for the Win! With the launch of our updated Maltego transform set three weeks ago, PassiveTotal made even more of our functionality and data available to the Maltego community. With this new functionality came a significant increase in the number of transforms available for querying the PassiveTotal platform and while we all know more is better, it can […]
February 25, 2016 Maltego Transforms Reloaded This week we released an update to our PassiveTotal Maltego transform set, which takes advantage of our updated API and newly released proprietary data sets to provide our community with even more insight into suspicious and malicious infrastructure. With today's release, PassiveTotal puts more than 100 transforms at our users' fingertips, making it easier […]