Interlock Technology Partner Ecosystem

RiskIQ's industry-leading digital risk management partner ecosystem enables end-to-end visibility, collaboration, and protection.

RiskIQ and our technology partners enable our customers to maximize the value of their security infrastructure, staff, and better protect their enterprise. Together, we deliver precise detection, faster investigations, easier collaboration, automated remediation, blocking, and takedown.

SIEM’s store massive amounts of “behind firewall” log and network data to detect risks, breaches, and assure policy compliance. RiskIQ extends and complements these solutions by adding context-rich visibility into threats and risks “outside the firewall.” With RiskIQ, SIEM’s gain visibility to external web, social, mobile, and deep/dark web threats enabling them to better correlate, respond, and protect against ALL digital risks.
RiskIQ’s security orchestration and enforcement partners streamline the data exchange between tools, automate manual processes, and simplify remediation and protection actions. Enabling repeatable automatic workflows and remediation of RiskIQ identified incidents and events, optimizes the effectiveness and productivity of your security teams, reduces MTTR, and better protects your company, brand, and infrastructure.
RiskIQ integrates with the leading threating intelligence platforms and services providers enriching their data, correlation and actioning capabilities. This combined solution provides the content and context for defenders to efficiently and effectively manage their attack surface, prioritize incidents, and reduce their overall digital risk.
RiskIQ’s Illuminate platform continuously discovers and identifies new assets outside the firewall that require monitoring. This intelligence, combined with vulnerability management vendors scanning and application security testing capabilities, enables enterprise to assure that all their assets and applications are secure, patched, and compliant with regulatory and security policies.
The first step in any effective security and compliance program is maintaining an accurate inventory of our your assets and their posture. RiskIQ’s Illuminate platform continuously discovers and identifies assets outside the firewall. These assets and related intelligence are tagged and correlated with GRC and ITSM solutions to assure compliance and minimize the risk from shadow IT or rogue assets and assure compliance.
The following security companies rely on RiskIQ to protect their company and enrich their offerings:

Data from RiskIQ PassiveTotal integrates with ElastiFlow to illuminate cyber threats related to network traffic flow in real-time. The integration seamlessly feeds malicious IP data collected by RiskIQ's Internet Intelligence Graph into the ElastiFlow platform enabling ElastiFlow users to view detailed information about traffic flow on a live, ongoing basis with actionable insights into the threats and malicious activities occurring across the internet.


RiskIQ’s Splunk App brings the power of data sets collected from internet scanning directly to your Splunk instance. This application leverages your existing PassiveTotal account and our API in order to bring in data like passive DNS, WHOIS, passive SSL, host attributes and more.

section background image
Microsoft SmartScreen

RiskIQ’s integration with Microsoft Security Solutions provides security teams with the most comprehensive attack surface management solution on the market. Whether it’s finding unknown digital assets exposed on the Internet or investigating threats, RiskIQ and Microsoft will aid your efforts.

Palo Alto Networks

Accelerate threat investigations and response efforts via automated indicator and event enrichment with comprehensive, real-time internet intelligence. Automate monitoring and blocking with curated threat feeds, and proactively discover, monitor, and defend your digital attack surface.

section background image

IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise, and it provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. RiskIQ’s integration is done through IBM's app marketplace from within QRadar. This allows for enrichment of event information utilizing RiskIQ’s data sets.

Micro Focus
Google Safe Browsing

When RiskIQ crawls websites and confirms a page to be phishing or hosting malware, we provide these URLs directly to Google for inclusion in Google Safe Browsing. Google Safe Browsing is blacklist of URLs which host malware or phishing content, and if a user of one of those web browsers attempts to visit a blacklisted URL, they are presented with a warning page informing them of the impending threat if they proceed.


Cortex™ orchestrates security to make Security Operation Center (SOC) teams more efficient and smarter. Its comprehensive platform combines automation, incident management, and interactive investigation into a seamless experience to reduce MTTR for every incident. Users can leverage the multi-source threat intelligence capabilities of RiskIQ PassiveTotal with the security orchestration and automation features of Cortex XSOAR for repeatable and scalable incident response that coordinates across different security measures.


With Phantom, you can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting. Phantom Playbooks can utilize RiskIQ PassiveTotal data via the RiskIQ API to automate security processes such as understanding tags associated with infrastructure and then performing blocking or restriction actions on other technologies like endpoint protection, firewalls, proxies, and more.

section background image
Check Point

ThreatSTOP operationalizes threat intelligence to proactively block threats at the network layer. ThreatSTOP’s SaaS platform transforms real-time threat intelligence feeds into automatically updated network traffic policies that can be enforced by popular brands of firewalls, routers, DNS servers and more to prevent communication with malicious IP addresses and domains. Companies use ThreatSTOP to stop attacks before they become breaches by interrupting the ability for attackers to communicate with devices inside their network.  Founded in 2009, ThreatSTOP has operationalized threat intelligence for over 800 customers in sectors such as finance, healthcare, technology, manufacturing, education and government.


The RiskIQ Illuminate app inside the CrowdStrike Store delivers the capabilities of Illuminate, RiskIQ's leading attack surface management platform. The app pairs RiskIQ's extensive internet intelligence with CrowdStrike's rich endpoint telemetry to enable comprehensive visibility into an organization's internal and external attack surface. The Illuminate app also helps security practitioners to accelerate their investigation to respond more effectively to threats by identifying impacted endpoints. Analysts then gain a complete understanding of all related infrastructure to a given threat actor so companies can stay a step ahead of their adversaries.


Anomali is a Threat Intelligence Platform that enables businesses to integrate security products and leverage threat data to defend against cyber threats. The RiskIQ integration allows for some RiskIQ data sets into the Anomali platform by allowing a user to associate their RiskIQ API keys.


EclecticIQ is a threat intelligence/analysis platform that uses graph-visuals and traditional data tables to allow analysts to explore the data. RiskIQ integrations utilizes the RiskIQ PassiveTotal API for enrichment or querying for hashes, Passive DND (PDNS), and WHOIS records.


ThreatQ is an open and extensible threat intelligence platform (TIP) to provide defenders the context, customization, and collaboration needed for increased security effectiveness and efficient threat operations and management. The ThreatQ platform integrates RiskIQ PassiveTotal data to enrich domains and IP addresses with tags, malicious disposition and other metadata from PassiveTotal, along with passive DNS data to query for a domain or IP addresses’ historical record.


Flashpoint deep and dark web data can be integrated into RiskIQ External Threats to create events on the appearance of keywords relating to your business, brand, or key employees on the dark web. Searching for threats across all digital channels and across all corners of the web enables organizations to have comprehensive visibility and threat management workflows for both RiskIQ and Flashpoint customers.


Maltego is a visualization link analysis or data mining tool focused on providing a library of transforms for discovery of data from many open sources. The RiskIQ integration is done via a PassiveTotal transform that utilizes a PassiveTotal user’s API key. This allows users to perform investigations and the linking of information by accessing a majority of the PassiveTotal data sets and perform actions from within a graph.

WhiteHat Security

WhiteHat Security has partnered with RiskIQ in order to fulfill discovery on behalf of their customers. WhiteHat uses RiskIQ discovery information to allow for application security testing through manual/automated scans and penetration testing.


ServiceNow is a company that provides service management software as a service. It specializes in IT services management (ITSM), IT operations management (ITOM) and IT business management (ITBM). The RiskIQ integrations is a module in ServiceNow’s product that leverages our RiskIQ’s data sets.

BAE Systems

Become a Technology Partner Today!

Integrations and Memberships


Additional Integrations