Derived Host Pairs from Web Crawling

Did you realize that in loading this blog post, your web browser made over 50 network requests for resources in order to construct it? The modern web is a complex graph of dependent requests made up of images, code libraries, page content and other references. Every day, RiskIQ’s crawling technology makes nearly 2 billion HTTP requests online and saves the contents of the session inside of a database. Using years of this data, engineers

read more

Bring PassiveTotal Directly to Splunk

Users have asked, and now it's here.

With the all-new PassiveTotal App for Splunk, organizations can now bring context to external threats, analyze attack data, and correlate that information with their internal event data to pinpoint and remediate threats—all in one place.

How does it work?

To automate security investigations into suspicious domains or IP addresses, the PassiveTotal App for Splunk searches the large and diverse

read more

PassiveTotal Discovers Nation State Infrastructure Nexus

As analysts, we are used to the common logic of "if it's too good to be true, then it probably is", but every now and then, leads that fall into this category pan out. Steve and I have been investigating a set of infrastructure for over 9 months now and it's finally to a point where we feel confident in the community's response to action the threats involved appropriately. Our analysis shows at least seven

read more

MISP: Sharing Done Differently

One of the awesome things about the security community is its close relationship with development and learning. It’s not uncommon to find open source tools or free solutions that can be leveraged in order to protect your organization from a range of different threats. MISP is one of those solutions and they do a killer job of enabling sharing between disparate entities. We have been paying attention to tools like MISP, so when we

read more

Local Triage with ThreatNote and PassiveTotal

If it’s not clear from our previous postings, we have been making a push to get PassiveTotal data into as many platforms and tools as possible. You may ask yourself why, but the truth of the matter is that each analyst has their own workflow and process. We realize we can’t be all the things to all the people, so we are taking the approach of bringing all the data to all the

read more