RiskIQ, a global leader in attack surface management, announced that RiskIQ PassiveTotal now integrates directly with Microsoft Defender for Endpoint and Azure Sentinel. The integration brings Defender for Endpoint and Azure Sentinel alert data directly to the PassiveTotal threat hunting platform, enriching threat infrastructure to show pertinent SIEM alerts and endpoint details alongside RiskIQ’s rich Internet Intelligence.
RiskIQ PassiveTotal aggregates data from the entire internet, absorbing intelligence to identify threats, attacker tools and systems, and indicators of compromise (IOCs). Joint customers of RiskIQ and Microsoft can now see SIEM alerts and endpoint communications overlaid directly atop this data in a single interface. As users pivot between data sets in PassiveTotal, corresponding SIEM and endpoint data are automatically searched and presented to instantly show if a threat has been in their local environment.
With both internal and external intelligence instantly correlated in one place, incident responders will accelerate their investigations, respond to incidents with more confidence, and be more proactive in addressing threats.
“In incident response, speed is everything. When external internet data and internal endpoint data are automatically combined and correlated, incident responders can immediately assess suspicious activity,” said RiskIQ Vice President of Strategy Brandon Dixon. “This integration gives incident response a powerful boost, saving analysts precious time and effort.”
“RiskIQ’s massive data collection capabilities enable incident responders to act quickly and with conviction,” said Alon Rosental, principal group program manager, Microsoft Defender for Endpoint at Microsoft Corp. “With this integration, which ties together internal endpoint data with external infrastructure and layers on pertinent OSINT, the paradigm for time to response and remediation has certainly shifted.”
Microsoft’s cloud-native security solutions, when combined with RiskIQ, have the potential to reshape how security teams operate, seamlessly integrating RiskIQ’s comprehensive external visibility with advanced threat detection, AI, and orchestration. Those looking to get started with this integration can register for the Community edition and input their Microsoft API credentials to see the Microsoft tab show up within the interface.