Press Releases

RiskIQ PassiveTotal Integrates with Microsoft Security Solutions to Help Boost Incident Response

SAN FRANCISCO, OCTOBER 29, 2020 RiskIQ, the global leader in attack surface management, today announced that RiskIQ PassiveTotal now integrates directly with Microsoft Defender for Endpoint [CH(E2] and Azure Sentinel. The integration brings Defender for Endpoint and Azure Sentinel alert data directly to the PassiveTotal threat hunting platform, enriching threat infrastructure to show pertinent SIEM alerts and endpoint details alongside RiskIQ's rich Internet Intelligence.

RiskIQ PassiveTotal aggregates data from the entire internet, absorbing intelligence to identify threats, attacker tools and systems, and indicators of compromise (IOCs). Joint customers of RiskIQ and Microsoft can now see SIEM alerts and endpoint communications overlaid directly atop this data in a single interface. As users pivot between data sets in PassiveTotal, corresponding SIEM and endpoint data are automatically searched and presented to instantly show if a threat has been in their local environment.

With both internal and external intelligence instantly correlated in one place, incident responders will accelerate their investigations, respond to incidents with more confidence, and be more proactive in addressing threats.

"In incident response, speed is everything. When external internet data and internal endpoint data are automatically combined and correlated, incident responders can immediately assess suspicious activity," said RiskIQ Vice President of Strategy Brandon Dixon. "This integration gives incident response a powerful boost, saving analysts precious time and effort."

RiskIQ and Microsoft joint customers can enable integrations for both Microsoft Defender for Endpoint and Azure Sentinel separately in their organization’s account settings in RiskIQ PassiveTotal. Once enabled, users will see a new "Microsoft" tab within their PassiveTotal search results. This tab splits into multiple sub-tabs that will be populated based on the product enabled.

"RiskIQ's massive data collection capabilities enable incident responders to act quickly and with conviction," said Alon Rosental, principal group program manager, Microsoft Defender for Endpoint at Microsoft Corp. With this integration which ties together internal endpoint data with external infrastructure and layers on pertinent OSINT, the paradigm for time to response and remediation has certainly shifted."

Microsoft's cloud-native security solutions, when combined with RiskIQ, have the potential to reshape how security teams operate, seamlessly integrating RiskIQ's comprehensive external visibility with advanced threat detection, AI, and orchestration. Those looking to get started with this integration can register for the Community edition and input their Microsoft API credentials to see the Microsoft tab show up within the interface.

About RiskIQ
RiskIQ is the leader in digital attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, security teams, and CISO’s, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.

Try RiskIQ Community Edition for free by visiting To learn more about RiskIQ, visit

© 2020 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are the property of their respective owners.


Holly Hitchcock
Front Lines Media