Product Description

PassiveTotal streamlines analyst workflows when conducting threat infrastructure analysis. Analysts spend a significant amount of time on data discovery, collection, and parsing, instead of focusing on what actually helps their organization defend themselves--deriving insights about the actors through analysis and correlation.

Often, analysts must go to multiple repositories to obtain the critical data sets they need to assess a suspicious domain or IP address. DNS data, WHOIS information, malware, and SSL certificates provide important context to indicators of compromise (IOCs), but these repositories are widely distributed and don’t always share a common data structure, making it difficult to ensure analysts have all relevant data needed to make a proper and timely assessment of suspicious infrastructure.

Interacting with these data sets can be cumbersome and pivoting between these repositories is time consuming, draining the resources of security operations groups which constantly need to reprioritize their response efforts.

The PassiveTotal Advantage

PassiveTotal was designed with the analyst in mind; we pride ourselves on being analysts first and bringing an analyst-centric approach to solving the pain points organizations often encounter when conducting threat infrastructure analysis.

PassiveTotal’s goal is to reimagine the analyst workflow by developing a platform that aggregates and enriches critical data sources and displays data in innovative, easy to use interface. With security organizations actioning an ever increasing amount of intelligence and alerts within their environment, having a Threat Analysis Platform that allows for accurate and timely assessments of alerting is important.

Teaming with RiskIQ

RiskIQ solves the problem of collecting and analyzing Internet-scale data. It enables security teams to expand their security program outside the firewall. The technology addresses the growing challenge of external threats targeting the enterprise, its customers, and employees.

RiskIQ is designed to detect threats that corrupt the core tenets of the Internet -- the principles of open standards and information sharing -- to extort, scam, invade systems, and infect its users. The mission is to provide web-scale detection to the people responsible for protecting their business against the threats that exist outside of the firewall.

RiskIQ's mission and data perfectly align with the PassiveTotal mission of providing security analysts with the most comprehensive view into the adversary’s infrastructure by bringing together critical data sources that allow analysts to quickly and confidently assess incidents within their networks.

One Platform Many Solutions


Harness the full potential of PassiveTotal's critical datasets in your investigations to identify adversaries targeting your organization.


Bring your organization's research capabilities to the next level with increased access to PassiveTotal data sets, our collaborative research environment, and automated threat infrastructure analysis capabilities.


Unify your cross functional incident response and research efforts, with PassiveTotal Enterprise. For large organizations that want flexibility in their user base and data access across your entire organization.


Bring the power of PassiveTotal to your organization's security operations tool sets by integrating our data sets directly into your security environment.

Additional Features


Automatically share data between users within your organization and get a unified view of all user activity

Maltego Access

Create visual graphs using PassiveTotal Maltego transforms hosted by Malformity

Increased Quota

Identify more connections with an increased search and monitoring quota for your entire organization

Analyst Assist

Automate indicator discovery, tagging, and classification through the development of custom signatures