RiskIQ#
RiskIQ_Whois#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ Whois lookup for an indicator.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Projects#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: Illuminate / PassiveTotal projects that contain an artifact which matches an IOC.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Summary#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ Illuminate and PassiveTotal datasets with records for an indicator.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Artifacts#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: Illuminate / PassiveTotal project artifacts that match an indicator.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Cookies#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: cookies observed during crawls on a hostname.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Components#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: web components observed during crawls on a hostname.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_HostpairChildren#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: hosts with a child web component relationship to an IOC.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Reputation#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ Illuminate Reputation Score for an indicator.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Resolutions#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: PDNS resolutions for an IOC.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_HostpairParents#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: hosts with a parent web component relationship to an IOC.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Subdomains#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- fqdn
- domain
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: subdomains observed historically in pDNS records.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Services#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: services observed on an IP address.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Malware#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: malware hashes from various sources associated with an IOC.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Articles#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: OSINT articles that reference an indicator.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Trackers#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: trackers observed during a crawl on a host.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
RiskIQ_Certificates#
Author: RiskIQ
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
- ip
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
RiskIQ: SSL/TLS certificates associated with an indicator.
Configuration#
| username | API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| api_key | API key of the RiskIQ Illuminate or PassiveTotal account |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| days_back | Number of days back to search for date-bounded historical queries |
|---|---|
| Default value if not configured | 180 |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.