See it Live: How RiskIQ Host Pairs Confirm the Lazarus Group Attacks
Over 18,000 Security Analysts Trust RiskIQ for Comprehensive Internet Data
As businesses adapt to the changing digital landscape, more customer and business operations are shifting from being behind the protection of firewalls to being available via the internet. This exposes your company and customers to extremely skilled, malicious, and persistent threats.
The good news for threat hunters in your organization is that data exists to help expose the infrastructure being used by attackers. This allows you to find, block, and prevent attacks.
PassiveTotal expedites investigations by connecting internal activity, event, and incident indicator of compromise (IOC) artifacts to what is happening outside the firewall—external threats, attackers, and their related infrastructure.
PassiveTotal simplifies the event investigation process and provides analysts access to a consolidated platform of data necessary to accurately understand, triage, and address security events.
Threat hunters need access to internet data to help understand who their adversary is and what infrastructure they use to conduct their attacks. By bringing together critical data sources in an easy-to-use visual interface, PassiveTotal enables analysts to investigate digital threats and map and analyze their adversary’s infrastructure.
PassiveTotal provides access to:
Learn more about these and all of the data sets available through RiskIQ
PassiveTotal correlates and links data across data sets, allowing for easy pivoting between them. With access to the most comprehensive number of internet data sets available, you no longer need multiple tabs open to search WHOIS records, IP resolutions, DNS data, SSL certificate data, or other open source intelligence.
For example, if you find a suspicious or malicious domain, you can pivot and find WHOIS registrant details, find that it is registered to guy@bad[.]com, and then pivot off of that email address and instantly find other domains and IPs registered to or associated with guy@bad[.]com.
PassiveTotal makes it easy for analysts to share information about investigations and threat infrastructure using projects.
Projects allow organization of related threat infrastructure elements, such as domains, IPs, website trackers, and WHOIS registrant information, to make it easier to hand off investigation working files to other analysts or maintain an ongoing workspace for a particular research project. These projects can be shared publicly with the security community, or privately with other analysts within the organization.
RiskIQ also works closely with the analyst community and publishes curated public projects as starting points for new investigations. These projects often include recent threats, many of which appear in the news, giving you a head start in your research.
Leverage PassiveTotal’s extensive internet data sets in existing security tools via apps written for Splunk and IBM QRadar. PassiveTotal has an extensive API capability that allows your organization to bring the vast RiskIQ and PassiveTotal data sets directly into your own security operations tools. You can even create visual graphs using PassiveTotal Maltego transforms hosted by Malformity.