Overview
API Concepts Manage API Key
Internet Data
DNSIQ® WHOISIQ™ SSL Certificates Blacklist Lookup Host Attributes
Attack Analytics
Newly Observed Domains Newly Observed Hosts Malware Phishing Scam Content
Digital Footprint
Global Inventory API Global Inventory Schema
Coming Soon
Enrich
PassiveTotal
Getting Started Actions Artifact Articles Attack Surface Intelligence Intel Profiles Data Card Enrichment Services Monitor Project SSL Certificates Tag Artifact Trackers Host Attributes Cookies Components Passive DNS Whois Bulk Enrichment Reputation
Additional Resources
Workspace Management API
RiskIQ.com

Attack Surface Intelligence

RiskIQ’s Attack Surface intelligence identifies and distinguishes resources and digital systems across the open and closed web—brands, infrastructure, third parties, dependencies, peers, industries, and the entire digital supply chain. By using the ASI and Third Party API, Threat Hunters and Incident Responders can easily automate threat hunting and look for vulnerable areas on their own and their vendor/suppliers Attack Surfaces.

 

What It Looks Like

Attack Surface Summary


Get Attack Surface

Finds the Attack Surface information of the given account

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface'

Response

{
    "id": 88256,
    "name": "RiskIQ, Inc.",
    "priorities": {
        "high": {
            "observationCount": 0,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/priority/high"
        },
        "medium": {
            "observationCount": 14,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/priority/medium"
        },
        "low": {
            "observationCount": 141,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/priority/low"
        }
    }
}
        

Get Attack Surface Details

Finds the Attack Surface Third-Party information (Detail) for the vendor ID specified

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party/88256'

Response

{
    "id": 88256,
    "name": "RiskIQ, Inc.",
    "priorities": {
        "high": {
            "observationCount": 0,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/priority/high"
        },
        "medium": {
            "observationCount": 14,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/priority/high"
        },
        "low": {
            "observationCount": 141,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/priority/high"
        }
    }
}
        

Attack Surface Third-Party Portfolio


Get all Attack Surface Third-Party vendors

Finds all vendors associated with the given account

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party?page=2&size=50'
        

Response

{
    "totalCount": 20,
    "totalPages": 1,
    "nextPage": null,
    "vendors": [
        {
            "id": 41798,
            "name": "Amgen Inc.",
            "priorities": {
                "high": {
                    "observationCount": 3,
                    "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/41798/priority/high"
                },
                "medium": {
                    "observationCount": 449,
                    "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/41798/priority/high"
                },
                "low": {
                    "observationCount": 188,
                    "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/41798/priority/high"
                }
            }
        }
    ]
}
        

Attack Surface Priority


Get Attack Surface Priority Information

Finds the Attack Surface Priority Information given the level (low, medium, high) associated to the given account

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/priority/low'

Response

{
    "activeInsightCount": 2,
    "totalInsightCount": 44,
    "totalObservations": 11,
    "insights": [
        {
            "name": "ASI:  Deprecated Tech - PHP",
            "description": "##### Description \nDeprecated versions of PHP that are no longer supported.  Running end of life or deprecated hardware or software can open organizations up to potential risks and vulnerabilities as these systems are no longer supported via regular updates and security patches\n\n##### Remediation\nOrganizations should consider upgrading to supported versions of PHP to ensure security patches are available.\n",
            "observationCount": 1,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/insight/40466?page=0&size=25&groupBy=RISK_CATEGORY&segmentBy=savedfilter_metric_29642"
        }
    ]
}
        

Get Attack Surface Third-Party Priority Information

Finds the Attack Surface Third-Party Priority Information given the level (low, medium, high) and vendor ID

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/priority/medium'

Response

{
    "activeInsightCount": 2,
    "totalInsightCount": 44,
    "totalObservations": 11,
    "insights": [
        {
            "name": "ASI: Expired Domains",
            "description": "##### Description \nThe following domains, previously owned by your organization have expired registration records.  Expired domains could be renewed and used by malicious actors to impersonate your brand to target your organization, employees, or customers.\n\n\n##### Remediation\nOrganizations should review these domains to determine if they should be reregistered.",
            "observationCount": 13,
            "link": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/insight/40465?page=0&size=25&groupBy=RISK_CATEGORY&segmentBy=savedfilter_metric_29633"
        }
    ]
}
        

Attack Surface Insight


Get Attack Surface Insight Information

Finds the Attack Surface Insight Information given the insight ID for the given account

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/insight/40466'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/insight/40466?page=2&size=50'
        

Response

{
    "totalCount": 2,
    "totalPages": 1,
    "nextPage": null,
    "assets": [
        {
            "type": "HOST",
            "name": "mail.malvertisingdb.org",
            "firstSeen": "2015-12-03 13:35:49",
            "lastSeen": "2021-06-04 20:23:19"
        },
        {
            "type": "HOST",
            "name": "mail.risk-iq.org",
            "firstSeen": "2017-06-20 05:19:11",
            "lastSeen": "2021-06-04 10:06:28"
        }
    ]
}
        

Get Attack Surface Third-Party Insight Information

Finds the Attack Surface Third-Party Insight Information given the vendor ID and insight ID

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/insight/40466'
# With url parameters
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/insight/40466?page=2&size=50'
        

Response

{
    "totalCount": 135,
    "totalPages": 6,
    "nextPage": "https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/insight/40466?page=1&size=25&segmentBy=savedfilter_metric_29643",
    "assets": [
        {
            "type": "HOST",
            "name": "mail.malvertisingdb.org",
            "firstSeen": "2017-06-20 05:19:11",
            "lastSeen": "2021-06-04 10:06:28"
        },
        {
            "type": "HOST",
            "name": "mail.risk-iq.org",
            "firstSeen": "2018-05-11 20:40:17",
            "lastSeen": "2021-06-04 21:05:49"
        }
    ]
}