One source.
Many applications.
RIFFSEC data can be used in any cybersecurity tool from traffic filtering to incident analysis. You get structured, processed intelligence - ready to act.
Trusted Us
RIFFSEC data can be used in any cybersecurity tool from traffic filtering to incident analysis. You get structured, processed intelligence - ready to act.
Easy access to data via private API (STIX/TAXII), available to clients with valid key.
RIFFSEC provides curated feeds of phishing and malicious domains that can be used in DNS filters, proxies, or firewalls to automatically block known threats.
Data delivered over TAXII can be ingested by Splunk, Microsoft Sentinel, QRadar, Cortex XSOAR, and other security platforms — enriching alerts with context from dark web sources.
Clients can either download datasets manually in XLS format from the RIFFSEC web panel, or integrate them automatically via API for continuous ingestion.
RIFFSEC data supports incident validation, enrichment, and escalation workflows used by security teams.
Check whether leaked credentials, internal domains, or infrastructure indicators appear in underground sources. Validation with RIFFSEC shortens triage and helps eliminate false positives.
RIFFSEC connects phishing, leaks, and domain activity with known threat actors and campaigns, giving analysts a clearer picture of attack context and timeline.
We are developing Hunter Workspace — a real-time visual environment that will allow analysts to link and explore all RIFFSEC data interactively, improving investigation speed and collaboration.
Power your tools with actionable context.
RIFFSEC detects new phishing campaigns, look-alike domains, and suspicious DNS changes. Indicators can be used directly in correlation and detection rules within SIEM and XDR systems.
Infrastructure reuse analysis links newly found IPs and URLs with known attacks, helping identify recurring threat actors and reused assets.
Stay informed about malware hashes, C2 servers, and compromised hosts observed in the wild. RIFFSEC continuously updates feeds to maintain detection precision.
Data for analysts and threat hunters.
Companies that have fallen victim to such attacks ask me what I recommend to avoid similar incidents in the future. Until now, I didn't have a simple answer to this question.
RIFFSEC are true cybersecurity practitioners. They explain complex issues clearly and deliver valuable, relevant data instead of noise.
Data from the RIFFSEC is a valuable external source of power for our Cyber Shield and influences the effectiveness of its operation
Every year at DC9 Group we handle incidents that might not have occurred if password compromise had been detected early. RIFFSEC solution supports cyber hygiene.
