RiskIQ

RiskIQ_Projects

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: Illuminate / PassiveTotal projects that contain an artifact which matches an IOC.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Malware

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: malware hashes from various sources associated with an IOC.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Reputation

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ Illuminate Reputation Score for an indicator.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Services

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: services observed on an IP address.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Whois

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ Whois lookup for an indicator.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Components

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: web components observed during crawls on a hostname.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Articles

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: OSINT articles that reference an indicator.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Resolutions

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: PDNS resolutions for an IOC.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Summary

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ Illuminate and PassiveTotal datasets with records for an indicator.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_HostpairChildren

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: hosts with a child web component relationship to an IOC.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Subdomains

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- fqdn
- domain
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: subdomains observed historically in pDNS records.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_HostpairParents

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: hosts with a parent web component relationship to an IOC.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Trackers

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: trackers observed during a crawl on a host.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Cookies

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: cookies observed during crawls on a hostname.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Certificates

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: SSL/TLS certificates associated with an indicator.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.

RiskIQ_Artifacts

Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

RiskIQ: Illuminate / PassiveTotal project artifacts that match an indicator.

Configuration

username: API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

api_key: API key of the RiskIQ Illuminate or PassiveTotal account
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

days_back: Number of days back to search for date-bounded historical queries
- Default value if not configured: 180
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.