With the recent addition of RiskIQ internet scanning and web crawling data into the platform, I find myself leaning heavily on our enrichment data to guide my analysis. Digging into an investigation and sifting through mountains of data for clues as to who is behind an attack campaign and how large that campaign is can be exciting, but oftentimes we just want quick answers. We want to know if the domain we are investigating
As analysts, one of the biggest challenges in dealing with malicious actors is maintaining insight into their operations. It's nearly impossible to know when an actor may decide to change their infrastructure and even more difficult for us to keep tabs on every domain or IP address they control. But what if you could get alerted to those changes automatically? Starting today, PassiveTotal users can now monitor infrastructure of interest and receive alerts when we
With the launch of our updated Maltego transform set three weeks ago, PassiveTotal made even more of our functionality and data available to the Maltego community. With this new functionality came a significant increase in the number of transforms available for querying the PassiveTotal platform, and while we all know more is better, it can be cumbersome to sift through all the transform options available.
In an effort to aid our analyst community we have
This week we released an update to our PassiveTotal Maltego transform set, which takes advantage of our updated API and newly released proprietary data sets to provide our community with even more insight into suspicious and malicious infrastructure. With today's release, PassiveTotal puts more than 100 transforms at our users' fingertips, making it easier than ever to harness the full power of our data within Maltego.
How Do I Get Them?
Infrastructure chaining leverages the relationships between highly-connected datasets to build out an investigation. This process is the core of Threat Infrastructure Analysis and allows organizations to surface new connections, group similar attack activity and substantiate assumptions during incident response. In this blog, we will focus on infrastructure chaining centered around SSL Certificates and how this data set complements traditional sources for infrastructure analysis.
Analysts can use certificate hashes and facets to conduct investigations and discover