RiskIQ Technology Partners and Alliances

Powerful Integrations that Extend Your Reach

Technology Alliances

 

RiskIQ’s technology partners and alliances build on RiskIQ products and solutions to help you get even more value from your security infrastructure. The ecosystem of complementary technologies and services provided by our partners help customers gain better security, optimize staff resources, and maximize the value of technology investments.

Get to know RiskIQ with our company overview.

 

RiskIQ’s Splunk App brings the power of data sets collected from internet scanning directly to your Splunk instance. This application leverages your existing PassiveTotal account and our API in order to bring in data like passive DNS, WHOIS, passive SSL, host attributes and more. Features of the Splunk integration include:

  • Users can search for domains or IP addresses for more context
  • Contextual data includes: passive DNS, WHOIS, SSL certificates, host attributes, tags, classifications, unique resolutions
  • Local events are automatically searched and referenced
  • Pivots on returned data can be done both inside of Splunk or inside of PassiveTotal
  • Users can access their team’s search history directly from the dashboard

The RiskIQ App for IBM QRadar brings data sets from internet scanning and threat intelligence directly to your QRadar instance. Without leaving QRadar, you can investigate infrastructure found within your logs, automatically triage offenses based on verified intelligence, and create rules based on data stored within the PassiveTotal platform.

When looking at network activity, context is the most important factor in determining how to action what’s being observed. PassiveTotal builds contextual tags and other details based on multiple datasets including passive DNS, WHOIS, SSL certificates, page crawls and more. The RiskIQ app allows QRadar users to easily pivot over to the PassiveTotal analysis system to conduct more research on the artifact in question. If the item is found to be malicious or suspicious, users can automatically flag it within PassiveTotal and have it synced directly to their QRadar instance. 

Safe Browsing and SmartScreen

Google provides many safeguards to users of the internet every day. RiskIQ contributes to many of those protections, including Google Safe Browsing. When RiskIQ crawls websites and confirms a page to be phishing or hosting malware, we provide these URLs directly to Google for inclusion in Google Safe Browsing.

Google Safe Browsing is a service that is automatically provided to users of Google Chrome, Apple Safari, Mozilla Firefox, and Opera web browsers. Google Safe Browsing is blacklist of URLs which host malware or phishing content, and if a user of one of those web browsers attempts to visit a blacklisted URL, they are presented with a warning page informing them of the impending threat if they proceed.

When RiskIQ crawls a website and confirms that the page is hosting malware or phishing, we provide the URL of the page to Microsoft for automatic blocking to its web browsers through Microsoft SmartScreen.

Microsoft SmartScreen prevents users of Microsoft Internet Explorer and Edge from visiting websites with phishing content or malware. If users of Internet Explorer, Microsoft Edge, and Outlook.com attempt to visit a SmartScreen-blacklisted URL, they are stopped and presented a warning screen that details the threat if they proceed to the page.

Integrations and Memberships

To learn more about RiskIQ and SIEM, click to get this tech note.

Proud Member

                  

Get the Analyst Report

Ovum Report—On The Radar: RiskIQ provides external digital threat defense—learn how RiskIQ helps businesses see, manage, and mitigate web, social, and mobile threats.