Skip to main content
Introducing Polarity Intel Edition: Streamlining Intel Distribution for SecOps
Polarity Intel Edition
Request a Demo

ThreatConnect and RiskIQ PassiveTotal: Better Enrichment Capabilities with PassiveTotal

ThreatConnect is pleased to deliver a Playbook App for joint customers to leverage RiskIQ PassiveTotal capabilities within the ThreatConnect Platform. With this app, you can query PassiveTotal for enrichment information on various indicators of compromise (IOC) types. By automating this process, you bring relevant, timely, and accurate threat intelligence into ThreatConnect and use it to make better, more informed decisions.

RiskIQ PassiveTotal Playbook App

RiskIQ PassiveTotal Playbook App

The following capabilities are now available:

  • Aggregate Enrichment
    • As part of a security process, you may want to aggregate available enrichment and analysis from various outside sources into one location- the ThreatConnect Platform. You will have a more holistic understanding of potential threats to make the most informed decision as part of your analytic, investigative, and remediation actions.
  • Use Enrichment Service to Corroborate Alerts
    • As part of an analysis process, utilize information from PassiveTotal to aid and corroborate intelligence analysis or validate the accuracy and severity of security alerts. By corroborating this information, you can feel confident to make informed decisions.
  • Perform All-Source Analysis 
    • As part of an analysis, corroborate or dispute the output from other tools and services to perform an all-source analysis which involves analyzing threat information from multiple sources. Because operations feed intelligence in a continuous loop, your Security Operations Center (SOC) and Incident Response (IR) teams can leverage the work from the Threat Intelligence team during their investigations.

The following actions are available with this app: 

  • Get Host Pairs
  • Get Host Trackers
  • Get SSL Certificate History
  • Get Subdomains
  • Get Passive DNS
  • Get Cookies
  • Get Components

The integration with RiskIQ PassiveTotal helps ThreatConnect users automatically query enrichment data to use that data as part of a security process. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on leveraging the RiskIQ PassiveTotal Playbook App. If you’re not yet a customer and are interested in ThreatConnect, please contact sales@threatconnect.com.

About the Author

ThreatConnect

By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at www.threatconnect.com.