Release Notes: November 2019

RiskIQ Release Notes contain the following subsections:

  1. Enhancements (per module) describe improvements made in the existing product capabilities.          

  2. New Features in RiskIQ.  Some may require you to set up new processes or re-think existing processes.

  3. Issues Addressed section contains customer reported issues that were fixed in this release.

  4. Known Issues section contains a list of issues whose cause has been identified and cannot be fixed at the time of current release; but typically these issues have workarounds.


Digital Footprint & External Threats

"Last Updated By" Column in Events CSV Download 

Added a "Last Updated By" Column to the Events CSV Export to help users identify the source of the most recent changes to an event. This column is now present for both External Threats and Digital Footprint event-types.

Digital Footprint

Wildcard DNS Enhancements 

When we detail a host asset and identify the IP address of a host, we now also perform a wildcard DNS lookup.  If the IP resolution for the wildcard matches the host IP address, this host is marked as wildcard DNS.  This does not include "www" hosts. This is currently exposed by the DNS Veracity filter with the value "Absolute", so that users can get a more accurate count of the true number of hosts they have in their inventory by using this filter to exclude wildcard hosts.

New Web Components

Web Component NameRule Type
DataDomeChild Response Body Regex
MagentoChild Response Body MD5
MagentoDOM Contains
MagentoResponse Body Regex
Globalscape EFTResponse Body Contains
Globalscape EFTChild Response Body Contains
iPanel ProResponse Body Regex
iPanel ProResponse Body Contains
QNAP NAS DeviceDOM XPath Exact

External Threats

Domain Infringement Monitoring for http & https 

We now crawl both the http and https sites for a Domain Infringement event. If either leads to a live site, we show that as the crawl for the event. If both resolve to a live site, we default to using the http version as the sample. This change means that we can provide more context for the threat level of the event by showing how a domain or host is being used by its owner, including being more likely to identify phishing, malware, or other fraudulent activity or trademark abuse on a site hosted on an infringing domain or host. 

New Features  


PassiveTotal 3.0 

We recently released PassiveTotal 3.0.  This new version primarily addresses performance issues; we have achieved a 3x performance improvement in our search capability, and have also drastically improved the speed of larger infrastructure queries.  The new PassiveTotal also features an enhanced WhoIs interface that makes it easier to discern changes to a WhoIs record.

External Threats 

Enforcement API: Get, Update, and Search Endpoints

New API endpoints are now available enabling users to manage their enforcements programmatically rather than in the UI. The API enables searching through enforcements using the same filters as are available in the UI Enforcements screen, changing the status and/or adding notes to enforcements, and retrieving and exporting enforcement data as JSON . 

Enforcement CSV Download

In addition to the API, users can now export enforcement data in CSV format as well using the Download button at the top right of the Enforcements screen in the UI.

Issues Addressed

Digital Footprint

  • Facet Performance:  
    For organizations with a large digital footprint, certain facets (e.g. "domain") contain a very large number of results, slowing down performance. We optimized our faceting system to improve performance with changes to our caching and resolver methods. 

  • Duplicate Downloads:  
    If a download was currently in progress, a second export request would replace the first task instead of creating a concurrent task.  We fixed the issue and now support simultaneous downloads. 

  • Additional SSL Certificate Facets:  
    Added three new options to SSL Certificate Facets:  Cert Issuer Common Name, Cert Subject Common Name, and Cert Signature Algorithm.

Known Issues

Digital Footprint 

  • Instead of producing a single SSL Certificate change event for the encrypted version of a site, we are creating a duplicate for the HTTP site as well. 
  • When adding a new organization to an asset with previously applied organizations, the system is overwriting the previous selection, only enabling one organization to be applied to an asset at a time.  This is problematic for customers who need to assign more than one organization to an asset in order to sufficiently track ownership of their digital footprint.


  • When downloading results, the provided CSV only lists the artifacts listed on the current page instead of the full record count.  Instead of receiving all results (e.g. 130 web components), the download will only list the first 25 if you are displaying 25 results per page. 
  • Within project results, there is an issue with changing the number of visible results within the page.  A request to show 50 results (instead of the standard 25) makes no change to the pagination of the results.  Also experiencing intermittent sorting issues. 
  • Host pairs are not loading properly for some domains with a very large number of host pair results.