RiskIQ PassiveTotal

Updated

This article describes the Intelligence Card Extension for RiskIQ PassiveTotal.

 

pt-logo-2.png

About RiskIQ PassiveTotal

RiskIQ's PassiveTotal overcomes the challenges in discovering and proactively blocking malicious infrastructure. Using innovative techniques and research processes, PassiveTotal provides analysts with a single view into all the data they need. 

You must have commercial access to RiskIQ PassiveTotal to use this extension, and will need a username and an API Key to activate the extension.  As a reminder, only user with admin access to Recorded Future can turn on this extension (see this support page for directions on how to activate an extension). 

Note that this extension uses 8 different API calls per lookup, so subscribers with the limited free access will quickly hit their daily max.

Once enabled, the PassiveTotal extension is available to enrich Domain and IP Address Intelligence cards. 

Extending Domain Intelligence Cards

You can enrich any Domain Intelligence Card with the following threat intelligence from RiskIQ PassiveTotal:

  • Tags
  • Technology Components
  • Passive DNS
  • WHOIS
  • Malware Samples

Screen_Shot_2017-04-11_at_1.36.03_PM.png

 

Extending IP Address Intelligence Cards

You can enrich any IP Intelligence Card with the following threat intelligence from RiskIQ PassiveTotal:

 

  • Country
  • Latitude/Longitude
  • AS Name
  • Tags
  • Passive DNS
  • WHOIS
  • SSL Information
  • Malware Samples

Screen_Shot_2017-04-11_at_1.40.36_PM.png

 

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
1 out of 1 found this helpful

Articles in this section

See more