Flashpoint Deep and Dark Web Integration


This integration is available to customers subscribed to the Deep and Dark Web module of RiskIQ External Threats, which is powered by our Deep and Dark Web partner, Flashpoint (https://www.flashpoint-intel.com), or who are currently mutual customers of both RiskIQ External Threats and Flashpoint with access to the Flashpoint API. 

Through this integration, data sourced from Flashpoint's monitoring of deep and dark web forums creates custom events in RiskIQ alongside other types of event alerts. Flashpoint monitoring mentions of your brand names or other keywords of interest in hacker forums provides visibility into potential future attacks on an organization during the planning stages, while RiskIQ detects the next phases in an attack, during which the threat actors set up their infrastructure and take concrete steps to actually launch the attack in the wild. 

Taken together, both those data sets create a powerful combination enhancing the value an organization can get out of each product individually. Additional context turns previously non-actionable information into something actionable, and with full visibility outside the firewall provided by RiskIQ on the open web, and Flashpoint in the deep and dark web, organizations can view the full picture. They can see what's happening in the outside world (attack planning on the Dark Web as well as actions threat actors are taking on the open web to execute a plan) as well as what an organization can observe from the inside by monitoring it's own environment/logs to correlate that information and better understand their risk posture.

Configuration Requirements

Contact your RiskIQ Technical Account Manager to let them know if you are interested in purchasing this module to add to your current RiskIQ subscription, or if you are a mutual Flashpoint-RiskIQ External Threats customer who wants to leverage this integration. Your organization must have the following to quality as a mutual customer:

  • An active RiskIQ External Threats subscription
  • An active set of Flashpoint API credentials

RiskIQ's customer success team will migrate keywords under monitoring in Flashpoint so that results can be viewed in RiskIQ.

Note that the Deep Dark Web Module purchased through RiskIQ External Threats comes with a number of requests for expert translation provided by Flashpoint analysts. For customers who have existing subscriptions with both RiskIQ and Flashpoint, the use of the integration at no cost does not come with additional expert translation. Any translation requests or RFI or reporting hours used will count against the existing Flashpoint subscription total.