Skip to main content
Introducing Polarity Intel Edition: Streamlining Intel Distribution for SecOps
Polarity Intel Edition
Request a Demo

ThreatConnect and APIVoid: Fuel Orchestrations with Instant Indicator Analysis

ThreatConnect has developed a new Playbook app for ThreatConnect and APIVoid customers. This app allows Threat Intel Analysts a powerful way to get the reputation information on Hosts, URLs, and Address IOCs. Additionally, you can retrieve a screenshot of the webpage served for a given Host or URL for use in reports, amongst other things. By automating this process, you can bring highly-correlated data enrichment services together into one platform, saving time and increasing efficiency.

ThreatConnect APRVoid Playbook

The following use cases are available:

  • Aggregate Enrichment: Single Source of Truth
    • As part of a security process, you may want to aggregate available enrichment and analysis from various outside sources into one location – the ThreatConnect Platform. You will have a more holistic understanding of potential threats to make the most informed decision as part of your analytic, investigative, and remediation actions.
  • Use Enrichment Service to Corroborate Alerts
    • As part of analysis, utilize information from APIVoid to aid and corroborate intelligence analysis or validate security alerts’ accuracy and severity. By verifying this information, you can feel confident to make informed decisions instantly.
  • Perform All-Source Analysis
    • As part of an analysis, corroborate or dispute the output from APIVoid and others to perform an all-source analysis which involves analyzing threat information from multiple sources. Because operations feed intelligence in a continuous loop, your Security Operations Center (SOC) and Incident Response (IR) teams can leverage the Threat Intelligence team’s work during their investigations.

The following actions are available for this Playbook app:

  • Get IP Reputation
  • Get Host Reputation
  • Get URL Reputation
  • Get Screenshot
  • Advanced Request

Together, ThreatConnect and APIVoid help security teams to get important reputation information and screenshots when working through an investigation. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on deploying the APIVoid Playbook app. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at sales@threatconnect.com.

About the Author

ThreatConnect

By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at www.threatconnect.com.