RiskIQ PassiveTotal

Updated 1 year ago by TruSTAR

This document explains how to set up the RiskIQ PassiveTotal premium intelligence source in the TruSTAR platform.

RiskIQ PassiveTotal® expedites investigations by connecting internal activity, event, and incident indicator of compromise (IOC) artifacts to what is happening outside the firewall—external threats, attackers, and their related infrastructure.

  • Source Type: Premium Intel
  • Update Type: Query-based
  • Time to Install: 10 minutes

Observables Supported

  • IP
  • Domain (extracted from URL)
  • Email address


  • A subscription to RiskIQ PassiveTotal
  • RiskIQ PassiveTotal API key
TruSTAR Admin rights are required to activate this Premium Intelligence source.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the Navigation Bar.
  3. Click Premium Intel.
  4. Click Subscribe on the RiskIQ Passive Total box.
  5. Enter your RiskIQ PassiveTotal API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

After the integration has been enabled, you need to submit reports to your private enclave to see intelligence enrichment from Passive Total.

Known Issues

No reported issues.

Please contact support@trustar.co if you have issues with this integration.

How Did We Do?