Data from RiskIQ PassiveTotal integrates with ElastiFlow to illuminate cyber threats related to network traffic flow in real time. The integration seamlessly feeds malicious IP data collected by RiskIQ's Internet Intelligence Graph into the ElastiFlow platform, enabling ElastiFlow users to view detailed information about traffic flow on a live, ongoing basis with actionable insights into the threats and malicious activities occurring across the internet.
RiskIQ’s Splunk App brings the power of data sets collected from internet scanning directly to your Splunk instance. This application leverages your existing PassiveTotal account and our API in order to bring in data like passive DNS, WHOIS, passive SSL, host attributes and more.
RiskIQ’s integration with Microsoft Security Solutions provides security teams with the most comprehensive attack surface management solution on the market. Whether it’s finding unknown digital assets exposed on the Internet or investigating threats, RiskIQ and Microsoft will aid your efforts.
Accelerate threat investigations and response efforts via automated indicator and event enrichment with comprehensive, real-time internet intelligence. Automate monitoring and blocking with curated threat feeds, and proactively discover, monitor, and defend your digital attack surface.
IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise, and it provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. RiskIQ’s integration is done through IBM's app marketplace from within QRadar. This allows for enrichment of event information utilizing RiskIQ’s data sets.
When RiskIQ crawls websites and confirms a page to be phishing or hosting malware, we provide these URLs directly to Google for inclusion in Google Safe Browsing. Google Safe Browsing is a blacklist of URLs which host malware or phishing content, and if a user of one of those web browsers attempts to visit a blacklisted URL, they are presented with a warning page informing them of the impending threat if they proceed.
Cortex™ orchestrates security to make Security Operation Center (SOC) teams more efficient and smarter. Its comprehensive platform combines automation, incident management, and interactive investigation into a seamless experience to reduce MTTR for every incident. Users can leverage the multi-source threat intelligence capabilities of RiskIQ PassiveTotal with the security orchestration and automation features of Cortex XSOAR for repeatable and scalable incident response that coordinates across different security measures.
With Phantom, you can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting. Phantom Playbooks can utilize RiskIQ PassiveTotal data via the RiskIQ API to automate security processes such as understanding tags associated with infrastructure and then performing blocking or restriction actions on other technologies like endpoint protection, firewalls, proxies, and more.
ThreatSTOP operationalizes threat intelligence to proactively block threats at the network layer. ThreatSTOP’s SaaS platform transforms real-time threat intelligence feeds into automatically updated network traffic policies that can be enforced by popular brands of firewalls, routers, DNS servers and more to prevent communication with malicious IP addresses and domains. Companies use ThreatSTOP to stop attacks before they become breaches by interrupting the ability for attackers to communicate with devices inside their network. Founded in 2009, ThreatSTOP has operationalized threat intelligence for over 800 customers in sectors such as finance, healthcare, technology, manufacturing, education and government.
The RiskIQ Illuminate app inside the CrowdStrike Store delivers the capabilities of Illuminate, RiskIQ's leading attack surface management platform. The app pairs RiskIQ's extensive internet intelligence with CrowdStrike's rich endpoint telemetry to enable comprehensive visibility into an organization's internal and external attack surface. The Illuminate app also helps security practitioners accelerate their investigations and respond more effectively to threats by identifying impacted endpoints. Analysts then gain a complete understanding of all infrastructure related to a given threat actor so companies can stay a step ahead of their adversaries.
Anomali is a Threat Intelligence Platform that enables businesses to integrate security products and leverage threat data to defend against cyber threats. The RiskIQ integration brings some RiskIQ data sets into the Anomali platform by allowing a user to associate their RiskIQ API keys.
EclecticIQ is a threat intelligence/analysis platform that uses graph visuals and traditional data tables to allow analysts to explore the data. The RiskIQ integration utilizes the RiskIQ PassiveTotal API for enrichment or querying for hashes, Passive DNS (PDNS), and WHOIS records.
ThreatQ is an open and extensible threat intelligence platform (TIP) that provides defenders the context, customization, and collaboration needed for increased security effectiveness and efficient threat operations and management. The ThreatQ platform integrates RiskIQ PassiveTotal data to enrich domains and IP addresses with tags, malicious disposition and other metadata from PassiveTotal, along with passive DNS data to query for a domain's or IP address's historical record.
Flashpoint deep and dark web data can be integrated into RiskIQ External Threats to create events on the appearance of keywords relating to your business, brand, or key employees on the dark web. Searching for threats across all digital channels and across all corners of the web enables organizations to have comprehensive visibility and threat management workflows for both RiskIQ and Flashpoint customers.
Maltego is a visualization link analysis or data mining tool focused on providing a library of transforms for discovery of data from many open sources. The RiskIQ integration is done via a PassiveTotal transform that utilizes a PassiveTotal user’s API key. This allows users to perform investigations and link information by accessing a majority of the PassiveTotal data sets, and to perform actions from within a graph.
WhiteHat Security has partnered with RiskIQ in order to fulfill discovery on behalf of their customers. WhiteHat uses RiskIQ discovery information to allow for application security testing through manual/automated scans and penetration testing.
ServiceNow is a company that provides service management software as a service. It specializes in IT services management (ITSM), IT operations management (ITOM) and IT business management (ITBM). The RiskIQ integration is a module in ServiceNow’s product that leverages RiskIQ’s data sets.