Enrichment

 

What It Looks Like

Get Enrichment Data

Get enrichment data for a query.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/enrichment?query=passivetotal.org'

Response

{
    "subdomains": [],
    "sinkhole": false,
    "tld": ".org",
    "primaryDomain": "passivetotal.org",
    "queryValue": "passivetotal.org",
    "queryType": "domain",
    "everCompromised": false,
    "tag_meta": {
        "mytag": {
            "creator": "johan@riskiq.net",
            "created_at": "2017-03-30T01:05:12.629000"
        }
    },
    "classification": "non_malicious",
    "tags": [
        "mytag"
    ],
    "dynamicDns": false
}
			

Get Malware

Get malware data for a query.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/enrichment/malware?query=badguy.example.org'

Response

{
    "success": true,
    "results": [
        {
            "collectionDate": "2016-10-08 04:24:38",
            "sample": "cacc5e355b44c5824af4e2a599999999",
            "source": "Threatexpert",
            "sourceUrl": "http://www.threatexpert.com/report.aspx?md5=cacc5e355b44c5824af4e2a599999999"
        },
        {
            "collectionDate": "2016-10-08 04:24:39",
            "sample": "a6ba4a1240fd2e59091cd1bf99999999",
            "source": "Emerging threats (proofpoint)",
            "sourceUrl": "https://threatintel.proofpoint.com/md5/a6ba4a1240fd2e59091cd1bf99999999"
        }
    ]
}
			

Get OSINT

Get OSINT data for a query.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/enrichment/osint?query=passivetotal.org'

Response

{
    "success": true,
    "results": [
        {
            "derived": false,
            "inReport": [
                "phishing.example.org"
            ],
            "source": "PhishTank",
            "sourceUrl": "http://www.phishtank.com/phish_detail.php?phish_id=999999",
            "tags": [
                "phishtank",
                "verified phish"
            ]
        },
        {
            "derived": false,
            "inReport": [
                "phishing.example.org"
            ],
            "source": "PhishTank",
            "sourceUrl": "http://www.phishtank.com/phish_detail.php?phish_id=1000000",
            "tags": [
                "phishtank",
                "verified phish"
            ]
        }
    ]
}
			

Get Subdomains

Get subdomain data for a query.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/enrichment/subdomains?query=passivetotal.org'

Response

{
  "success": true,
  "primaryDomain": "passivetotal.org",
  "subdomains": ["api", "app", "certs", "n1", "n2", "n3", "n4",
    "n5", "n6", "nutmeg-beta", "v2", "www"],
  "queryValue": "passivetotal.org"
}
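
The four responses above can be combined into a single review decision for an indicator. The following is an added example, not RiskIQ's code: the helper names and the triage policy are hypothetical, the sample data is constructed from the response shapes on this page, and treating a missing or false "success" as a failed lookup is an assumption.

```python
import base64
import json
import urllib.parse
import urllib.request

BASE = "https://api.riskiq.net/pt/v2/enrichment"  # base URL from the curl examples

def build_request(path, query, username, key):
    """GET request with HTTP Basic auth (what `curl -u` sends); query is URL-encoded."""
    url = BASE + path + "?" + urllib.parse.urlencode({"query": query})
    token = base64.b64encode(f"{username}:{key}".encode()).decode()
    return urllib.request.Request(url, headers={"Authorization": "Basic " + token})

def fetch(path, query, username, key, timeout=10):
    """Live call; not exercised by the offline sample data below."""
    with urllib.request.urlopen(build_request(path, query, username, key), timeout=timeout) as resp:
        return json.load(resp)

def expand_subdomains(resp):
    """The subdomains endpoint returns bare labels; join them to primaryDomain."""
    return [f"{label}.{resp['primaryDomain']}" for label in resp.get("subdomains", [])]

def triage(enrich, malware, osint):
    """Hypothetical local policy: collect reasons an indicator needs analyst review."""
    reasons = []
    if enrich.get("classification") not in (None, "non_malicious"):
        reasons.append("classification=" + enrich["classification"])
    for flag in ("everCompromised", "sinkhole", "dynamicDns"):
        if enrich.get(flag):
            reasons.append(flag)
    for name, resp in (("malware", malware), ("osint", osint)):
        if not resp.get("success"):
            # Assumption: missing/false "success" is a failed lookup, so an empty
            # result list must not be read as "nothing known".
            reasons.append(name + " lookup failed")
            continue
        sources = sorted({r["source"] for r in resp.get("results", [])})
        if sources:
            reasons.append(f"{name}: {len(resp['results'])} hit(s) from {', '.join(sources)}")
    return reasons

# Constructed sample data, trimmed from the response shapes shown on this page.
ENRICH = {"queryValue": "passivetotal.org", "classification": "non_malicious",
          "everCompromised": False, "sinkhole": False, "dynamicDns": False}
MALWARE = {"success": True, "results": [
    {"sample": "cacc5e355b44c5824af4e2a599999999", "source": "Threatexpert"},
    {"sample": "a6ba4a1240fd2e59091cd1bf99999999", "source": "Emerging threats (proofpoint)"}]}
OSINT = {"success": True, "results": [{"source": "PhishTank", "tags": ["phishtank"]}]}
SUBS = {"success": True, "primaryDomain": "passivetotal.org", "subdomains": ["api", "www"]}
```

An empty list from `triage` means no rule fired. For live use, read the username and key from the environment rather than hard-coding them in the script.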