RiskIQ
======

RiskIQ_Articles
---------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: OSINT articles that reference an indicator.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Artifacts
----------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: Illuminate / PassiveTotal project artifacts that match an indicator.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Certificates
-------------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: SSL/TLS certificates associated with an indicator.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Components
-----------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: web components observed during crawls on a hostname.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Cookies
--------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: cookies observed during crawls on a hostname.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_HostpairChildren
-----------------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: hosts with a child web component relationship to an IOC.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_HostpairParents
----------------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: hosts with a parent web component relationship to an IOC.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Malware
--------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: malware hashes from various sources associated with an IOC.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Projects
---------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: Illuminate / PassiveTotal projects that contain an artifact which matches an IOC.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Reputation
-----------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ Illuminate Reputation Score for an indicator.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Resolutions
------------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: PDNS resolutions for an IOC.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Services
---------------

.. rubric:: Details

=========================== =======
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          ip
=========================== =======

.. rubric:: Description

RiskIQ: services observed on an IP address.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Subdomains
-----------------

.. rubric:: Details

=========================== ============
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          fqdn, domain
=========================== ============

.. rubric:: Description

RiskIQ: subdomains observed historically in pDNS records.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Summary
--------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ Illuminate and PassiveTotal datasets with records for an indicator.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Trackers
---------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ: trackers observed during a crawl on a host.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================

RiskIQ_Whois
------------

.. rubric:: Details

=========================== ================
Author                      RiskIQ
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available No
DataType Supported          domain, fqdn, ip
=========================== ================

.. rubric:: Description

RiskIQ Whois lookup for an indicator.

.. rubric:: Configuration

========= ========================================================================================
Name      Description
========= ========================================================================================
username  API username of the RiskIQ Illuminate or PassiveTotal account (usually an email address)
api_key   API key of the RiskIQ Illuminate or PassiveTotal account
days_back Number of days back to search for date-bounded historical queries
========= ========================================================================================