RiskIQ is expanding the capabilities of its threat analysis platform with the ability to identify “who” and “what” information associated with potential attacks thanks to the addition of Intel 471’s cyber threat intelligence service.

RiskIQ’s PassiveTotal threat infrastructure analysis product conducts analysis on threat infrastructure to identify threats and block them before they reach the network. Now it can also collect data about who the actors are and why they mounted the attack with the ability to view data from Intel 471’s service from directly within RiskIQ’s platform, the company said in a blog post.

This integration allows security analysts to combine Intel 471 attacker profile information–including tools, techniques and motivations–with malicious infrastructure data sets such as IPs and domains within PassiveTotal to identify threats in the planning stages, according to RiskIQ.

“When dealing with a cyber intrusion, some of the first questions asked are ‘who’ did this and ‘why’ us,” the company said in the post. “Though the questions posed are simple, they are extremely difficult to answer and require intimate knowledge of the cyber underground in order to begin constructing an intelligent response.”

Startup Intel 471 was launched in 2014 to provide actor-centric cyber threat intelligence information to support security operations, thus giving companies tangible information about the actual people responsible for threats.

PassiveTotal users who also subscribe to Intel 471’s services can now view Intel 471 data directly from within PassiveTotal as they conduct analysis on threat infrastructure, according to RiskIQ. The integration requires two-factor authentication due to the sensitive nature of the information; registered users can activate this by visiting the “settings” page of their accounts and clicking the “Two-Factor” tab, the company said.

With this integration, PassiveTotal can now supplement infrastructure intelligence including DNS, WHOIS records and SSL Certificates with data on adversaries gathered by Intel 471 from underground forums and other closed sources, the company said. It also allows analysts to see individuals linked to suspicious domains as well as their activity on the Dark Web.

“Partnering with RiskIQ and PassiveTotal is a big step for us as it enables our joint customers to understand threat actors, where they come from and the infrastructure they use,” said Intel 471 CEO Mark Arena, in a press release. “This holistic view of the threat fuses the incident-centric and actor-centric approaches to cyber threat intelligence.”