RiskIQ Blacklist Intelligence
This document explains how to set up and use RiskIQ Blacklist Intelligence with TruSTAR Station.
RiskIQ's Blacklist Intelligence delivers curated lists of known bad URLs, domains, and IP addresses associated with malware, phishing, and scam events.
- Source Type: Premium Intel
- Update Type: Query-based
- Time to Install: 10 minutes
The integration pulls reports with these observables from RiskIQ Blacklist Intelligence:
- Domain (Extracted from URL by TruSTAR)
- Licensed user of RiskIQ
- API key for RiskIQ Blacklist lookup
- Log into TruSTAR Station.
- Click the Marketplace icon in the icon list on the left side.
- Click Closed Sources.
- Click Subscribe on the RiskIQ Blacklist box.
- Enter your PassiveTotal API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
IOC Type <IOC Value>
Alternative IOC Type <IOC Value>
Full JSON response
"detectedAt" field of response
"score" field of response. Tags of more than 32 characters are ignored.
Noted only when the value is true for any of these fields: ("phishing":true,"malware":false,"spam":false,"scam":true)
(Score:100) + phishing:true
Client Meta Tag
No reported issues.