This document explains how to set up and use RiskIQ PassiveTotal as a premium intelligence source in the TruSTAR Web App.
RiskIQ PassiveTotal® expedites investigations by connecting internal activity, event, and incident indicator of compromise (IOC) artifacts to what is happening outside the firewall—external threats, attackers, and their related infrastructure.
- Source Type: Premium Intel
- Update Type: Query-based
- Time to Install: 10 minutes
The integration pulls reports with these observables from PassiveTotal:
- Domain (extracted from URL)
- A subscription to RiskIQ PassiveTotal
- RiskIQ PassiveTotal API key
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the Navigation Bar.
- Click Premium Intel.
- Click Subscribe on the RiskIQ Passive Total box.
- Enter your RiskIQ PassiveTotal API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
IP <IOC Value>
Full JSON response
No reported issues.