
Bulk Enrichment

 

What It Looks Like

Get Enrichment Data Bulk

Get bulk enrichment data for many queries

Parameters

Field    Field Type    Description
query    String[]      the domains and IPs being queried

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/enrichment/bulk?query=passivetotal.org,riskiq.com,riskiq.net'

Sample Response

{
    "results": {
        "riskiq.net": {
            "sinkhole": false,
            "tld": ".net",
            "primaryDomain": "riskiq.net",
            "queryValue": "riskiq.net",
            "queryType": "domain",
            "everCompromised": false,
            "tag_meta": {
                "foobar": {
                    "creator": "johan@riskiq.net",
                    "created_at": "2017-04-13T01:34:44.570000"
                }
            },
            "dynamicDns": false,
            "tags": [
                "foobar",
                "riskiq"
            ],
            "classification": ""
        },
        "passivetotal.org": {
            "sinkhole": false,
            "tld": ".org",
            "primaryDomain": "passivetotal.org",
            "queryValue": "passivetotal.org",
            "queryType": "domain",
            "everCompromised": false,
            "tag_meta": {
                "mytag": {
                    "creator": "johan@riskiq.net",
                    "created_at": "2017-03-30T01:05:12.629000"
                }
            },
            "dynamicDns": false,
            "tags": [
                "mytag"
            ],
            "classification": "non_malicious"
        }
    }
}

Get Malware Bulk

Get bulk malware data for many queries

Parameters

Field    Field Type    Description
query    String        the domains and IPs being queried

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/enrichment/bulk/malware?query=riskiq.net,passivetotal.org,107.154.108.154'
			

Sample Response

{
    "success": true,
    "results": {
        "passivetotal.org": {
            "hasMalware": false,
            "results": []
        },
        "riskiq.net": {
            "hasMalware": false,
            "results": []
        },
        "badguy.example.org": {
            "hasMalware": true,
            "results": [
                {
                    "collectionDate": "2017-04-14 00:18:02",
                    "sample": "cacc5e355b44c5824af4e2a599999999",
                    "source": "Emerging Threats (Proofpoint)",
                    "sourceUrl": "https://threatintel.proofpoint.com/md5/cacc5e355b44c5824af4e2a599999999"
                }
            ]
        }
    }
}
				

Get OSINT Bulk

Get bulk OSINT data for many queries

Parameters

Field    Field Type    Description
query    String        the domains and IPs being queried

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/enrichment/bulk/osint?query=riskiq.net,passivetotal.org,107.154.108.154'
			

Sample Response

{
   "success": true,
   "results": {
     "phishing.example.org": {
       "results": [
         {
           "derived": false,
           "tags": [
             "phishtank",
             "verified phish"
           ],
           "source": "PhishTank",
           "source_url": "http://www.phishtank.com/phish_detail.php?phish_id=999999",
           "in_report": [
             "phishing.example.org"
           ]
           }
       ],
       "hasOsint": true
     },
     "example.org": {
       "results": [],
       "hasOsint": false
     }
   }
 }
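
Merging the three bulk responses into one triage record per queried value, as an added example that is not RiskIQ's own code. The sample data is constructed to mirror the sample responses above; the helper name `triage` and its output field names are assumptions. A queried value that does not appear in a response is listed under `missing_from` rather than read as clean.

```python
# Constructed sample data, shaped like the three sample responses on this page.
ENRICHMENT = {"results": {
    "riskiq.net": {"queryType": "domain", "everCompromised": False,
                   "classification": "", "tags": ["foobar", "riskiq"]},
}}
MALWARE = {"success": True, "results": {
    "riskiq.net": {"hasMalware": False, "results": []},
    "badguy.example.org": {"hasMalware": True, "results": [
        {"collectionDate": "2017-04-14 00:18:02",
         "source": "Emerging Threats (Proofpoint)"}]},
}}
OSINT = {"success": True, "results": {
    "riskiq.net": {"results": [], "hasOsint": False},
    "phishing.example.org": {"hasOsint": True, "results": [
        {"source": "PhishTank", "tags": ["phishtank", "verified phish"]}]},
}}


def triage(queries, enrichment, malware, osint):
    """Merge the three bulk responses into one record per queried value.

    Hypothetical helper, not part of any RiskIQ client library.
    """
    parts = {"enrichment": enrichment.get("results", {}),
             "malware": malware.get("results", {}),
             "osint": osint.get("results", {})}
    rows = []
    for q in queries:
        e, m, o = (parts[n].get(q) for n in ("enrichment", "malware", "osint"))
        # A flag is raised only when the response explicitly sets it to true.
        flags = [name for name, hit in (
            ("everCompromised", e and e.get("everCompromised")),
            ("hasMalware", m and m.get("hasMalware")),
            ("hasOsint", o and o.get("hasOsint"))) if hit]
        rows.append({
            "query": q,
            "flags": flags,
            "classification": (e or {}).get("classification", ""),
            "malware_sources": sorted({r.get("source", "unknown")
                                       for r in (m or {}).get("results", [])}),
            "osint_sources": sorted({r.get("source", "unknown")
                                     for r in (o or {}).get("results", [])}),
            # Absence from a response is recorded, not treated as "no findings".
            "missing_from": [n for n in parts if q not in parts[n]],
        })
    return rows
```
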