A couple of months ago, we posted an entry outlining one of our newer datasets, SSL certificates. In that post, we focused on the cyber espionage group Turla, which is said to be associated with Russian government operations. Using self-signed SSL certificate fingerprints, we were able to correlate a number of IP addresses belonging to various satellite providers and unearth an extensive network of command and control domains.
One of the most powerful features inside of PassiveTotal is the ability to monitor infrastructure and receive alerts when something changes. We’ve covered how to deploy monitors in previous posts and videos, but never showed how they could be used for follow-up actions. By combining the notifications and monitors APIs from the account endpoints, it’s easy to create an automated system to block or publish threat data.
For the past several years, IBM’s QRadar has been recognized as a leader in Gartner’s Magic Quadrant for SIEM and Log Management. RiskIQ is the cornerstone of External Threat Management programs for many of the largest enterprises in the world. In December of 2015, IBM launched the Security App Exchange that allowed companies to begin creating applications that could enhance the QRadar experience. Today, RiskIQ’s PassiveTotal is excited to announce the release
Yesterday morning, Steve presented at FIRST 2016 on "Correlating Threats Using Internet Snapshots". The presentation he gave was one that's evolved ever since we were purchased by RiskIQ in September 2015. One of our primary goals outside of making the platform better is to ensure we are finding the best ways to communicate our message out to our user community. If we are able to clearly outline the value of infrastructure analysis, then chances are,