RiskIQ, digital threat management solution provider, announced updates to its PassiveTotal API. PassiveTotal is a cyber event investigation platform, and the API updates add projects and monitoring ability to existing endpoints. The goal is to streamline the ability to integrate PassiveTotal into third party security operations.
Projects enable users to collaborate with other users to investigate specific incidents. Through the API, users can add, delete, and update artifacts for specific projects. Such functions can be applied to individual projects, or a bulk set of projects. Users can specify project properties with tags, descriptions, visibility, and collaborated to keep investigations organized and moving towards completion and remediation as necessary.
Monitoring allows users to keep track of suspicious and malicious activity. Further, users receive in-platform alerts and weekly summary emails with changes and updates. Users can receive alerts for both artifacts and projects automatically, which enables organizations to proactively block suspicious infrastructure.
RiskIQ believes the API updates will help streamline investigations and improve response to incidents. In the blog post announcement, the RiskIQ team demonstrates a sample workflow. For more detailed information, check out the API docs. For access to the API, those interested must register for a PassiveTotal account.