Skip to main content


Download With Dependencies

Analyze and understand threat infrastructure from a variety of sources–passive DNS, active DNS, WHOIS, SSL certificates and more–without devoting resources to time-intensive manual threat research and analysis

RiskIQ PassiveTotal provides access to the most comprehensive internet data sets available to protect organizations from modern cybersecurity threats. The platform maps and exposes threat infrastructure and provides unparalleled context and intelligence to events and incidents.

What does this pack do?

The content pack PassiveTotal provides the following capabilities:

  • Returns the DomainWhois record for the registered domain name portion of the hostname.
  • Search all tracker addresses and host information.
  • Active account sources can be used to retrieve passive DNS results.
  • Retrieves the SSL certificate history.
  • Returns the exposed services that are relevant to the query.
  • Delivers insights into adversary threat infrastructure organized around a set of purpose-built intelligence profiles.
  • Provides dynamic reputation scoring on IPs and domains.
  • Delivers prioritized insights on an organization’s attack surface, including impacted assets (observations).
  • The practical picture of vulnerability risk, focused on a specific Attack Surface (your own or a third-party vendor).




Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByCommunity
CreatedJune 30, 2020
Last ReleaseMarch 29, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.