As whois lookups return data on nearly every domain, we recommend running this integration in "On-Demand" mode only.
The Polarity - PassiveTotal integration searches PassiveTotal for Whois information on domains and emails. For domains, the integration will additionally retrieve malware and open source intelligence in the details.
To learn more about PassiveTotal, please visit the official website.
The Polarity-PassiveTotal integration runs whois lookups against both emails and domains. For domains, the integration will do a details lookup against malware and open source intelligence endpoints.
Entity Type | REST API Endpoints Searched |
---|---|
domain | https://api.passivetotal.org/v2/whois/search https://api.passivetotal.org/v2/enrichment/malware (on details) https://api.passivetotal.org/v2/enrichment/osint (on details) |
email | https://api.passivetotal.org/v2/whois/search |
The URL of the PassiveTotal API including the scheme (i.e., https://). Default is set to: https://api.passivetotal.org
PassiveTotal Username, used to access the API.
PassiveTotal API Key
Number of associated Malware, pDNS and OSINT records to return. Please note that the higher the number, the longer it will take for the query to return. Default is set to 10.
List of domains that you never want to send to Domain Tools
Domains that match the given regex will not be looked up (if blank, no domains will be blacklisted)
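One way the two exclusion options above can be applied before any domain leaves the analyst's machine, so that internal hostnames are never sent to a third-party API. This is an added example, not the integration's own code; the function names, the comma-separated list format, exact-match list semantics and the sample domains are assumptions.

```javascript
// Added example: names and option formats are hypothetical, not the integration's own.

// Lowercase, trim, and drop a trailing dot so "Corp.Example." equals "corp.example".
function normalizeDomain(domain) {
  return String(domain).trim().toLowerCase().replace(/\.$/, '');
}

// Parse the domain list option (assumed to be a comma-separated string).
function parseBlacklist(listOption) {
  return new Set(
    (listOption || '')
      .split(',')
      .map(normalizeDomain)
      .filter((d) => d.length > 0)
  );
}

// Compile the regex option. Blank means no regex filtering, as the option text states.
// An invalid pattern throws here, so a typo is caught when the filter is built
// instead of silently letting every domain through.
function compileRegex(regexOption) {
  const pattern = (regexOption || '').trim();
  return pattern.length === 0 ? null : new RegExp(pattern, 'i');
}

// Returns a predicate: true when the domain may be sent to the API.
function buildLookupFilter(listOption, regexOption) {
  const blacklist = parseBlacklist(listOption);
  const regex = compileRegex(regexOption);
  return function shouldLookup(domain) {
    const normalized = normalizeDomain(domain);
    if (normalized.length === 0) return false;
    if (blacklist.has(normalized)) return false; // exact match only (assumed)
    if (regex !== null && regex.test(normalized)) return false;
    return true;
  };
}

// Constructed sample input: reserved .example names standing in for real domains.
const shouldLookup = buildLookupFilter(
  'corp.example, intranet.example',
  '\\.internal\\.example$'
);
const sample = ['Corp.Example', 'host1.internal.example', 'example.org', 'intranet.example.'];
const toQuery = sample.filter(shouldLookup);
console.log(toQuery);
```

Because the list is matched exactly, subdomains of a listed domain are still looked up unless the regex covers them.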
Installation instructions for integrations are provided on the PolarityIO GitHub Page.
Polarity is a memory-augmentation platform that improves and accelerates analyst decision making. For more information about the Polarity platform please see: