# RiskIQ PassiveTotal
RiskIQ PassiveTotal is a threat intelligence and digital risk management platform that uncovers threats and malicious actors across the internet. RiskIQ PassiveTotal offers comprehensive threat intelligence by analyzing diverse internet data.

This connector enables Swimlane Turbine users to automate the retrieval of enrichment, WHOIS, and passive DNS data for domains and IP addresses. By integrating with RiskIQ PassiveTotal, security teams can enhance their incident response and threat hunting capabilities, leveraging rich context and historical data to make informed decisions. The connector simplifies complex investigations, allowing users to focus on mitigating threats and strengthening their security posture.

## Prerequisites

To effectively utilize the RiskIQ PassiveTotal connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Basic Authentication with the following parameters:
  - URL: the endpoint URL for the RiskIQ PassiveTotal API
  - Username: your RiskIQ account username
  - API Secret: the API secret key associated with your RiskIQ account

## Capabilities

The RiskIQ PassiveTotal connector has the following capabilities:

- Passive DNS lookup
- Domain/IP enrichment data (list of subdomains, threat intel, more)
- WHOIS lookup

## Notes

- http://api.passivetotal.org/api/docs/

## Configurations

### HTTP Basic Authentication

Authenticates using username and API secret.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | Username | string | required |
| password | API secret, can be obtained from the RiskIQ settings menu | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Get Enrichment

Retrieve enrichment data for a specified query from RiskIQ PassiveTotal, requiring the 'query' parameter.

- Endpoint URL: `/v2/enrichment`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | required | Parameters for the Get Enrichment action |

Input example:

```json
{"parameters": {"query": "passivetotal.org"}}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| classification | string | Output field classification |
| sinkhole | boolean | Output field sinkhole |
| everCompromised | boolean | Output field everCompromised |
| queryType | string | Type of the resource |
| queryValue | string | Value for the parameter |
| primaryDomain | string | Output field primaryDomain |
| tld | string | Output field tld |
| subdomains | array | Output field subdomains |
| tag_meta | object | Output field tag_meta |
| tag_meta.mytag | object | Output field tag_meta.mytag |
| tag_meta.mytag.creator | string | Output field tag_meta.mytag.creator |
| tag_meta.mytag.created_at | string | Output field tag_meta.mytag.created_at |
| global_tags | array | Output field global_tags |
| tags | array | Output field tags |
| system_tags | array | Output field system_tags |
| dynamicDns | boolean | Output field dynamicDns |

Output example (truncated as on the original page):

```json
{"status_code": 200, "response_headers": {"vary": "origin,access-control-request-method,access-control-request-headers,accept-encod...", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "cache-control": "no-cache, no-store, max-age=0, must-revalidate", "pragma": "no-cache", "expires": "0", "x-frame-options": "deny", "content-security-policy": "script-src 'self' 'nonce-env' wcpstatic.microsoft.com", "content-encoding": "gzip", "content-type": "application/json", "transfer-encoding": "chunked", "d...
```

### Get Whois

Retrieve WHOIS data for a specified domain or IP address using RiskIQ PassiveTotal, providing detailed registration information.

- Endpoint URL: `/v2/whois`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | optional | Parameters for the Get Whois action |
| parameters.compact_record | boolean | optional | Parameters for the Get Whois action |
| parameters.history | boolean | optional | Parameters for the Get Whois action |

Input example:

```json
{"parameters": {"query": "passivetotal.org", "compact_record": false, "history": false}}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| admin | object | Output field admin |
| admin.city | string | Output field admin.city |
| admin.country | string | Output field admin.country |
| admin.email | string | Output field admin.email |
| admin.name | string | Name of the resource |
| admin.organization | string | Output field admin.organization |
| admin.postalCode | string | Output field admin.postalCode |
| admin.state | string | Output field admin.state |
| admin.street | string | Output field admin.street |
| billing | object | Output field billing |
| registrant | object | Output field registrant |
| registrant.city | string | Output field registrant.city |
| registrant.country | string | Output field registrant.country |
| registrant.email | string | Output field registrant.email |
| registrant.name | string | Name of the resource |
| registrant.organization | string | Output field registrant.organization |
| registrant.postalCode | string | Output field registrant.postalCode |
| registrant.state | string | Output field registrant.state |
| registrant.street | string | Output field registrant.street |
| tech | object | Output field tech |
| tech.city | string | Output field tech.city |
| tech.country | string | Output field tech.country |
| tech.email | string | Output field tech.email |

Output example (truncated as on the original page):

```json
{"status_code": 200, "response_headers": {"vary": "origin,access-control-request-method,access-control-request-headers,accept-encod...", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "cache-control": "no-cache, no-store, max-age=0, must-revalidate", "pragma": "no-cache", "expires": "0", "x-frame-options": "deny", "content-security-policy": "script-src 'self' 'nonce-env'", "content-encoding": "gzip", "content-type": "application/json", "transfer-encoding": "chunked", "date": "Mon, 03 Jul 2023 1...
```

### Passive DNS

Retrieve passive DNS data for a specified query from RiskIQ PassiveTotal, using active account sources.

- Endpoint URL: `/v2/dns/passive`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | required | Parameters for the Passive DNS action |
| parameters.start | string | optional | Parameters for the Passive DNS action |
| parameters.end | string | optional | Parameters for the Passive DNS action |
| parameters.timeout | number | optional | Parameters for the Passive DNS action |

Input example:

```json
{"parameters": {"query": "passivetotal.org", "start": "2015-01-01", "end": "2015-01-02", "timeout": 7}}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| pager | object | Output field pager |
| queryValue | string | Value for the parameter |
| queryType | string | Type of the resource |
| firstSeen | string | Output field firstSeen |
| lastSeen | string | Output field lastSeen |
| totalRecords | number | Output field totalRecords |
| results | array | Result of the operation |
| results.firstSeen | string | Result of the operation |
| results.lastSeen | string | Result of the operation |
| results.source | array | Result of the operation |
| results.value | string | Value for the parameter |
| results.collected | string | Result of the operation |
| results.recordType | string | Type of the resource |
| results.resolve | string | Result of the operation |
| results.resolveType | string | Type of the resource |
| results.recordHash | string | Result of the operation |

Output example (truncated as on the original page):

```json
{"status_code": 200, "response_headers": {"vary": "origin,access-control-request-method,access-control-request-headers,accept-encod...", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "cache-control": "no-cache, no-store, max-age=0, must-revalidate", "pragma": "no-cache", "expires": "0", "x-frame-options": "deny", "content-security-policy": "script-src 'self' 'nonce-env'", "content-encoding": "gzip", "content-type": "application/json", "transfer-encoding": "chunked", "date": "Mon, 03 Jul 2023 1...
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache, no-store, max-age=0, must-revalidate |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Security-Policy | HTTP response header Content-Security-Policy | script-src 'self' 'nonce-env' wcpstatic.microsoft.com |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Wed, 27 Nov 2024 10:20:59 GMT |
| Expires | The date/time after which the response is considered stale | 0 |
| Pragma | HTTP response header Pragma | no-cache |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=63072000; includeSubDomains; preload; |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
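The following Python snippet is an added example, not part of the Swimlane connector or of RiskIQ's own code. It shows the request shape behind the three actions documented on this page (HTTP Basic credentials built from the username and API secret, GET calls to `/v2/enrichment`, `/v2/whois` and `/v2/dns/passive` with the documented parameter names, and the `verify_ssl` / `http_proxy` settings applied to the transport), then reduces a passive DNS response to one entry per resolution so an analyst can see the seen-window for each. The base URL `https://api.passivetotal.org`, the `send`, `enrichment_flags` and `summarize_passive_dns` helpers, and both sample payloads are assumptions constructed for illustration; nothing here is taken from a live API response.

```python
"""Added example: minimal PassiveTotal v2 client shaped like the connector actions.
Not Swimlane or RiskIQ code. Base URL, helpers and sample payloads are assumptions."""
import base64
import json
import ssl
import urllib.parse
import urllib.request
from typing import Any, Dict, Optional

PT_BASE = "https://api.passivetotal.org"  # assumed base URL (host of the docs link on the page)


def basic_auth_header(username: str, api_secret: str) -> str:
    """HTTP Basic credentials: base64("username:api_secret"), the connector's auth scheme."""
    token = base64.b64encode(f"{username}:{api_secret}".encode()).decode()
    return f"Basic {token}"


def build_request(path: str, params: Dict[str, Any], username: str, api_secret: str,
                  base_url: str = PT_BASE) -> urllib.request.Request:
    """GET request for one action. None params are omitted; booleans are sent as true/false."""
    clean = {k: (str(v).lower() if isinstance(v, bool) else v)
             for k, v in params.items() if v is not None}
    url = base_url.rstrip("/") + path
    if clean:
        url += "?" + urllib.parse.urlencode(clean)
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", basic_auth_header(username, api_secret))
    req.add_header("Accept", "application/json")
    return req


# One builder per action, using the parameter names from the tables above.
def get_enrichment(query: str, username: str, api_secret: str) -> urllib.request.Request:
    return build_request("/v2/enrichment", {"query": query}, username, api_secret)


def get_whois(query: str, username: str, api_secret: str, compact_record: Optional[bool] = None,
              history: Optional[bool] = None) -> urllib.request.Request:
    return build_request("/v2/whois", {"query": query, "compact_record": compact_record,
                                       "history": history}, username, api_secret)


def passive_dns(query: str, username: str, api_secret: str, start: Optional[str] = None,
                end: Optional[str] = None, timeout: Optional[int] = None) -> urllib.request.Request:
    return build_request("/v2/dns/passive", {"query": query, "start": start, "end": end,
                                             "timeout": timeout}, username, api_secret)


def send(req: urllib.request.Request, verify_ssl: bool = True, http_proxy: Optional[str] = None,
         timeout: int = 30):
    """Perform the request, honouring the connector's verify_ssl and http_proxy settings."""
    handlers = []
    if http_proxy:
        handlers.append(urllib.request.ProxyHandler({"http": http_proxy, "https": http_proxy}))
    ctx = ssl.create_default_context()
    if not verify_ssl:  # verify_ssl=false removes certificate checks; keep it on outside a lab
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    handlers.append(urllib.request.HTTPSHandler(context=ctx))
    with urllib.request.build_opener(*handlers).open(req, timeout=timeout) as resp:
        return resp.status, json.loads(resp.read().decode("utf-8"))


def enrichment_flags(payload: Dict[str, Any]) -> Dict[str, Any]:
    """Pull the risk-relevant Get Enrichment output fields into one small dict."""
    return {"classification": payload.get("classification"),
            "sinkhole": bool(payload.get("sinkhole")),
            "everCompromised": bool(payload.get("everCompromised")),
            "dynamicDns": bool(payload.get("dynamicDns")),
            "subdomains": len(payload.get("subdomains") or [])}


def summarize_passive_dns(payload: Dict[str, Any]) -> Dict[str, Any]:
    """One entry per resolution with the widest firstSeen/lastSeen window and record types seen.
    'complete' is False when totalRecords exceeds the returned results (more pages remain)."""
    results = payload.get("results") or []
    per_resolve: Dict[str, Dict[str, Any]] = {}
    for r in results:
        e = per_resolve.setdefault(r["resolve"], {"firstSeen": r["firstSeen"],
                                                  "lastSeen": r["lastSeen"], "recordTypes": set()})
        e["firstSeen"] = min(e["firstSeen"], r["firstSeen"])  # timestamps share one fixed format
        e["lastSeen"] = max(e["lastSeen"], r["lastSeen"])
        e["recordTypes"].add(r["recordType"])
    for e in per_resolve.values():
        e["recordTypes"] = sorted(e["recordTypes"])
    total = payload.get("totalRecords")
    return {"query": payload.get("queryValue"), "totalRecords": total, "returned": len(results),
            "complete": total == len(results), "resolutions": per_resolve}


# Constructed sample payloads (not real API output), shaped like the documented output fields.
SAMPLE_ENRICHMENT = {"queryValue": "example.com", "queryType": "domain", "classification": "unknown",
                     "sinkhole": False, "everCompromised": True, "dynamicDns": False,
                     "subdomains": ["www", "mail"], "tags": [], "system_tags": [], "global_tags": []}
SAMPLE_PASSIVE_DNS = {
    "queryValue": "example.com", "queryType": "domain", "totalRecords": 3, "pager": None,
    "firstSeen": "2015-01-01 00:00:00", "lastSeen": "2015-01-02 23:59:59",
    "results": [
        {"firstSeen": "2015-01-01 00:00:00", "lastSeen": "2015-01-01 12:00:00", "source": ["riskiq"],
         "value": "example.com", "collected": "2015-01-01 12:00:00", "recordType": "A",
         "resolve": "203.0.113.10", "resolveType": "ip", "recordHash": "constructed-1"},
        {"firstSeen": "2015-01-02 00:00:00", "lastSeen": "2015-01-02 23:59:59", "source": ["riskiq"],
         "value": "example.com", "collected": "2015-01-02 23:59:59", "recordType": "A",
         "resolve": "203.0.113.10", "resolveType": "ip", "recordHash": "constructed-2"},
        {"firstSeen": "2015-01-01 06:00:00", "lastSeen": "2015-01-02 18:00:00", "source": ["riskiq"],
         "value": "example.com", "collected": "2015-01-02 18:00:00", "recordType": "NS",
         "resolve": "ns1.example.net", "resolveType": "domain", "recordHash": "constructed-3"}]}

if __name__ == "__main__":
    req = passive_dns("passivetotal.org", "user", "api-secret", start="2015-01-01", end="2015-01-02", timeout=7)
    print(req.full_url)  # the URL the Passive DNS action's input example would produce
    print(json.dumps(summarize_passive_dns(SAMPLE_PASSIVE_DNS), indent=2))
    print(enrichment_flags(SAMPLE_ENRICHMENT))
```

The `complete` flag matters in an automation playbook: the Passive DNS output carries a `pager` object and a `totalRecords` count, so a workflow that acts on the first page alone can miss older resolutions; compare `returned` with `totalRecords` before treating the summary as the full history.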