This document explains how to set up the RiskIQ PassiveTotal premium intelligence source in the TruSTAR platform.
RiskIQ PassiveTotal® expedites investigations by connecting internal activity, event, and incident indicator of compromise (IOC) artifacts to what is happening outside the firewall—external threats, attackers, and their related infrastructure.
- Source Type: Premium Intel
- Update Type: Query-based
- Time to Install: 10 minutes
- Domain (extracted from URL)
- Email address
- A subscription to RiskIQ PassiveTotal
- RiskIQ PassiveTotal API key
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the Navigation Bar.
- Click Premium Intel.
- Click Subscribe on the RiskIQ Passive Total box.
- Enter your RiskIQ PassiveTotal API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
The information retrieved from this intelligence source is stored in the RiskIQ PassiveTotal Enclave using this format.
IP <IOC Value>
Full JSON response
No reported issues.