In our last blog post, we broke apart the RiskIQ web crawlers and outlined all the content they collect when browsing the Internet. This was helpful in understanding the data, but it didn’t really provide a good example of how we use this content to link to actor infrastructure. For this post, we are going to focus in on a criminal-based threat that often targets social media services and see how we could leverage
Since releasing our host attribute dataset (pairs, components, trackers), we’ve gotten a lot of great feedback from our community. Users are reporting faster investigation times, more substantial connections and new research leads they wouldn’t have found otherwise. While these datasets are great, they are only a fraction of the data RiskIQ stores on a daily basis. What makes RiskIQ’s web crawling technology powerful is that it’s not just a simulation, it’
If you’ve been in the trenches of security research, you may be familiar with the phrase, “hashes or it didn’t happen”. It’s a testament to the importance of having malware when conducting an investigation, and it’s something PassiveTotal has historically lacked inside the platform. Our focus has always been to provide the most comprehensive infrastructure solution while working with companies dedicated to processing malware to fill our gaps. Starting today,
Did you realize that in loading this blog post, your web browser made over 50 network requests for resources in order to construct it? The modern web is a complex graph of dependent requests made up of images, code libraries, page content and other references. Every day, RiskIQ’s crawling technology makes nearly 2 billion HTTP requests online and saves the contents of the session inside of a database. Using years of this data, engineers
Users have asked, and now it's here.
With the all-new PassiveTotal App for Splunk, organizations can now bring context to external threats, analyze attack data, and correlate that information with their internal event data to pinpoint and remediate threats—all in one place.
How does it work?
To automate security investigations into suspicious domains or IP addresses, the PassiveTotal App for Splunk searches the large and diverse