RiskIQ Makes Facebook ThreatExchange Data Accessible within PassiveTotal
December 2015 by Marc Jacob
RiskIQ announced that its PassiveTotal threat infrastructure analysis product will provide a visual front end for Facebook’s ThreatExchange. With this integration, RiskIQ customers have the option to centralise data from ThreatExchange alongside critical data sets such as passive DNS, WHOIS, and SSL Certificates within PassiveTotal to accelerate security investigations and automate the sharing of findings with the community.
To automate intelligence sharing with the ThreatExchange community, PassiveTotal allows users to set global controls on what data is shared, how, and with whom. Once the initial configuration is complete, users can simply begin searching within PassiveTotal much like they normally would. When data related to a search is found within ThreatExchange, PassiveTotal will display a tab and show the specific data along with who submitted it into the exchange. Additionally, when available, PassiveTotal will automatically extract details such as tags or the status of an indicator (malicious, suspicious, etc.).
For real-time sharing, PassiveTotal can be configured to automatically add findings to ThreatExchange as investigations are being conducted. For example, a group of individuals who know and trust each other can instantly work as an ad-hoc team to help protect their peers’ organisations while they are protecting their own company. The addition of ThreatExchange to the PassiveTotal platform can facilitate larger, inter-company intelligence sharing efforts that previously would only be performed through email, if at all.
Availability:
PassiveTotal with ThreatExchange integration is available immediately. RiskIQ threat data is publicly available in ThreatExchange under a TLP GREEN designation.