RiskIQ
RiskIQ_Articles
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: OSINT articles that reference an indicator.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Artifacts
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: Illuminate / PassiveTotal project artifacts that match an indicator.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Certificates
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: SSL/TLS certificates associated with an indicator.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Components
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: web components observed during crawls on a hostname.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_HostpairChildren
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: hosts with a child web component relationship to an IOC.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_HostpairParents
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: hosts with a parent web component relationship to an IOC.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Malware
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: malware hashes from various sources associated with an IOC.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Projects
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: Illuminate / PassiveTotal projects that contain an artifact which matches an IOC.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Reputation
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ Illuminate Reputation Score for an indicator.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Resolutions
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: pDNS resolutions for an IOC.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Services
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | ip |
Description
RiskIQ: services observed on an IP address.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Subdomains
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | fqdn, domain |
Description
RiskIQ: subdomains observed historically in pDNS records.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Summary
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ Illuminate and PassiveTotal datasets with records for an indicator.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Trackers
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ: trackers observed during a crawl on a host.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |
RiskIQ_Whois
Details
| Author | RiskIQ |
| Version | 1.0 |
| License | AGPL-V3 |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, fqdn, ip |
Description
RiskIQ Whois lookup for an indicator.
Configuration
| Name | Description |
| --- | --- |
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
| days_back | Number of days back to search for date-bounded historical queries |