Deep and Dark Web Integration


The Deep and Dark Web (DDW) add-on for RiskIQ External Threats allows users to combine visibility over their organization's presence on the open web with monitoring in the deep and dark web using data sourced from Flashpoint (, a RiskIQ partner. 

Through an API integration, RiskIQ creates custom event alerts tracking mentions of your brand names or other keywords of interest in hacker forums, chat services, paste sites, and marketplaces in the deep and dark web. Viewed alongside the other event detection provided by RiskIQ, the additional context provided from the DDW add-on can turn previously non-actionable information into something actionable, illuminating the full picture with attack planning and post attack credential sales taking place on the deep and dark web and observable activity on the open web of threat actors carrying out and executing attacks.

Configuration Requirements

Contact your RiskIQ Technical Account Manager to add this integration to your current RiskIQ usage. You will need to either purchase the Deep and Dark Web Add-on for External Threats or else be an existing mutual Flashpoint-RiskIQ customer with both an active RiskIQ External Threats subscription and an active set of Flashpoint API credentials.