Powerful Integrations that Extend Your Reach
RiskIQ’s technology partners and alliances build on RiskIQ products and solutions to help you get even more value from your security infrastructure. The ecosystem of complementary technologies and services provided by our partners helps customers gain better security, optimize staff resources, and maximize the value of technology investments.
RiskIQ’s Splunk App brings the power of data sets collected from internet scanning directly to your Splunk instance. This application leverages your existing PassiveTotal account and our API in order to bring in data like passive DNS, WHOIS, passive SSL, host attributes and more. Features of the Splunk integration include:
The RiskIQ App for IBM QRadar brings data sets from internet scanning and threat intelligence directly to your QRadar instance. Without leaving QRadar, you can investigate infrastructure found within your logs, automatically triage offenses based on verified intelligence, and create rules based on data stored within the PassiveTotal platform.
When looking at network activity, context is the most important factor in determining how to act on what’s being observed. PassiveTotal builds contextual tags and other details based on multiple datasets including passive DNS, WHOIS, SSL certificates, page crawls and more. The RiskIQ app allows QRadar users to easily pivot over to the PassiveTotal analysis system to conduct more research on the artifact in question. If the item is found to be malicious or suspicious, users can automatically flag it within PassiveTotal and have it synced directly to their QRadar instance.
Google provides many safeguards to users of the internet every day. RiskIQ contributes to many of those protections, including Google Safe Browsing. When RiskIQ crawls websites and confirms a page to be phishing or hosting malware, we provide these URLs directly to Google for inclusion in Google Safe Browsing.
Google Safe Browsing is a service that is automatically provided to users of Google Chrome, Apple Safari, Mozilla Firefox, and Opera web browsers. Google Safe Browsing is a blacklist of URLs that host malware or phishing content, and if a user of one of those web browsers attempts to visit a blacklisted URL, they are presented with a warning page informing them of the impending threat if they proceed.
When RiskIQ crawls a website and confirms that the page is hosting malware or phishing, we provide the URL of the page to Microsoft for automatic blocking in its web browsers through Microsoft SmartScreen.
Microsoft SmartScreen prevents users of Microsoft Internet Explorer and Edge from visiting websites with phishing content or malware. If users of Internet Explorer, Microsoft Edge, and Outlook.com attempt to visit a SmartScreen-blacklisted URL, they are stopped and presented with a warning screen that details the threat if they proceed to the page.
Slack/HipChat via Hubot