RiskIQ PassiveTotal
This document explains how to set up the RiskIQ PassiveTotal premium intelligence source in the TruSTAR platform.
RiskIQ PassiveTotal® expedites investigations by connecting internal activity, event, and incident indicator of compromise (IOC) artifacts to what is happening outside the firewall—external threats, attackers, and their related infrastructure.
- Source Type: Premium Intel
- Update Type: Query-based
- Time to Install: 10 minutes
Observables Supported
- IP
- Domain (extracted from URL)
- Email address
Requirements
- A subscription to RiskIQ PassiveTotal
- RiskIQ PassiveTotal API key
Getting Started
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the Navigation Bar.
- Click Premium Intel.
- Click Subscribe on the RiskIQ Passive Total box.
- Enter your RiskIQ PassiveTotal API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
Known Issues
No reported issues.