IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise, and it provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. RiskIQ’s integration is done through IBM's app marketplace from within QRadar. This allows for enrichment of event information utilizing RiskIQ’s data sets.
RiskIQ’s Splunk App brings the power of data sets collected from internet scanning directly to your Splunk instance. This application leverages your existing PassiveTotal account and our API in order to bring in data like passive DNS, WHOIS, passive SSL, host attributes and more.
Cortex™ orchestrates security to make Security Operation Center (SOC) teams more efficient and smarter. Its comprehensive platform combines automation, incident management, and interactive investigation into a seamless experience to reduce MTTR for every incident. Users can leverage the multi-source threat intelligence capabilities of RiskIQ PassiveTotal with the security orchestration and automation features of Cortex XSOAR for repeatable and scalable incident response that coordinates across different security measures.
When RiskIQ crawls websites and confirms a page to be phishing or hosting malware, we provide these URLs directly to Google for inclusion in Google Safe Browsing. Google Safe Browsing is a blacklist of URLs that host malware or phishing content, and if a user of one of those web browsers attempts to visit a blacklisted URL, they are presented with a warning page informing them of the impending threat if they proceed.
When RiskIQ crawls a website and confirms that the page is hosting malware or phishing, we provide the URL of the page to Microsoft for automatic blocking in its web browsers through Microsoft SmartScreen. Microsoft SmartScreen prevents users of Microsoft Internet Explorer and Edge from visiting websites with phishing content or malware.
Accelerate threat investigations and response efforts via automated indicator and event enrichment with comprehensive, real-time internet intelligence. Automate monitoring and blocking with curated threat feeds, and proactively discover, monitor, and defend your digital attack surface.
With Phantom, you can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting. Phantom Playbooks can utilize RiskIQ PassiveTotal data via the RiskIQ API to automate security processes such as understanding tags associated with infrastructure and then performing blocking or restriction actions on other technologies like endpoint protection, firewalls, proxies, and more.
ThreatSTOP operationalizes threat intelligence to proactively block threats at the network layer. ThreatSTOP’s SaaS platform transforms real-time threat intelligence feeds into automatically updated network traffic policies that can be enforced by popular brands of firewalls, routers, DNS servers and more to prevent communication with malicious IP addresses and domains. Companies use ThreatSTOP to stop attacks before they become breaches by interrupting the ability for attackers to communicate with devices inside their network. Founded in 2009, ThreatSTOP has operationalized threat intelligence for over 800 customers in sectors such as finance, healthcare, technology, manufacturing, education and government.
Anomali is a Threat Intelligence Platform that enables businesses to integrate security products and leverage threat data to defend against cyber threats. The RiskIQ integration brings some RiskIQ data sets into the Anomali platform by allowing a user to associate their RiskIQ API keys.
The RiskIQ Illuminate app inside the CrowdStrike Store delivers the capabilities of Illuminate, RiskIQ's leading attack surface management platform. The app pairs RiskIQ's extensive internet intelligence with CrowdStrike's rich endpoint telemetry to enable comprehensive visibility into an organization's internal and external attack surface. The Illuminate app also helps security practitioners accelerate their investigations and respond more effectively to threats by identifying impacted endpoints. Analysts then gain a complete understanding of all infrastructure related to a given threat actor so companies can stay a step ahead of their adversaries.
EclecticIQ is a threat intelligence/analysis platform that uses graph visuals and traditional data tables to allow analysts to explore the data. The RiskIQ integration utilizes the RiskIQ PassiveTotal API for enrichment or querying for hashes, Passive DNS (PDNS), and WHOIS records.
Flashpoint deep and dark web data can be integrated into RiskIQ External Threats to create events on the appearance of keywords relating to your business, brand, or key employees on the dark web. Searching for threats across all digital channels and across all corners of the web enables organizations to have comprehensive visibility and threat management workflows for both RiskIQ and Flashpoint customers.
Maltego is a visualization, link analysis and data mining tool focused on providing a library of transforms for discovery of data from many open sources. The RiskIQ integration is done via a PassiveTotal transform that utilizes a PassiveTotal user’s API key. This allows users to perform investigations, link information by accessing a majority of the PassiveTotal data sets, and perform actions from within a graph.
ThreatQ is an open and extensible threat intelligence platform (TIP) that provides defenders the context, customization, and collaboration needed for increased security effectiveness and efficient threat operations and management. The ThreatQ platform integrates RiskIQ PassiveTotal data to enrich domains and IP addresses with tags, malicious disposition and other metadata from PassiveTotal, along with passive DNS data to query for a domain's or IP address's historical record.
WhiteHat Security has partnered with RiskIQ in order to fulfill discovery on behalf of their customers. WhiteHat uses RiskIQ discovery information to allow for application security testing through manual/automated scans and penetration testing.
ServiceNow is a company that provides service management software as a service. It specializes in IT services management (ITSM), IT operations management (ITOM) and IT business management (ITBM). The RiskIQ integration is a module in ServiceNow’s product that leverages RiskIQ’s data sets.