TruSTAR is a threat intelligence platform designed to accelerate the incident analysis process and the exchange of intelligence among various internal and external teams. This document describes how users can correlate reports and indicators produced by RiskIQ PassiveTotal with data stored in their TruSTAR enclaves. The integration queries PassiveTotal and returns Passive DNS results for associated indicators.
- Users need to have a subscription to RiskIQ PassiveTotal.
- Users need a RiskIQ PassiveTotal API key to enable the integration.
After you have retrieved your RiskIQ PassiveTotal API key, complete the following steps:
- Log into TruSTAR Station and go to Explore->Marketplace (https://station.trustar.co/browse/marketplace).
- Click on Closed Sources.
- Click on the RiskIQ PassiveTotal logo and enter your PassiveTotal API key.
- Click Submit.
TruSTAR will validate and enable the PassiveTotal integration within 48 hours. You will receive an email from TruSTAR confirming when the integration is enabled.
Q: What data do you currently pull from PassiveTotal?
Our integration currently pulls only those reports from RiskIQ PassiveTotal that contain cyber IOCs.
- URL (Domains are extracted from URL)
Please contact us if you would like to discuss additional indicators that can be queried from RiskIQ PassiveTotal.
Q: How often is the data pulled?
Please see this page for PassiveTotal details.
Please reach out to firstname.lastname@example.org with any additional questions.