Posts
-
Dec 21st, 2020
Why Your SOAR Needs Threat Intel Management, Not Feed Management
When it comes to using threat intelligence to aid in the investigation of alerts or phishing, it’s essential to have the right feeds (whether OSINT or paid). We often get asked, “can I just dump f
-
Dec 18th, 2020
Tracking Sunburst-Related Activity with ThreatConnect Dashboards
Recently FireEye discovered that the SolarWinds Orion IT monitoring platform was compromised earlier this year. The threat actor used SolarWinds cryptographic keys to sign multiple backdoored files po
-
Dec 17th, 2020
Tactical Threat Hunting (Part 1): Providing the information that matters, when it matters.
This is part 1 of a 2-part series. In a previous article, “SOAR: An Incident Responder’s Best Friend,” we discussed the issues facing Incident Responders today and how Security Orchestration
-
Dec 15th, 2020
Infrastructure Research and Hunting: Boiling the Domain Ocean
The Diamond Model of Intrusion Analysis identifies two main nodes as actor assets that may ultimately interact with a target / victim’s own assets — capabilities and infrastructure. But while
-
Dec 14th, 2020
ThreatConnect and Cisco Identity Services Engine (ISE): Streamline Security Policy Updates
ThreatConnect and Cisco have partnered to deliver a Playbook app for joint customers to leverage. With this Playbook app, you can control the network status of an endpoint in Cisco ISE. The Cisco Iden
-
Dec 9th, 2020
RQ 5.0 Offers New Automation and Prioritization to Better Respond to and Communicate Cyber Risk
Latest RQ 5.0 release introduces support for multiple security control frameworks and is the industry’s first product to prioritize common vulnerabilities and exposures (CVEs) by the financial risk
-
Nov 19th, 2020
ThreatConnect and Zoom: Coordinated Communications as part of Incident Response
ThreatConnect has delivered a Playbook App for Zoom users to leverage within the Platform. The app will allow you to launch a Zoom meeting, invite attendees, and save the meeting as part of an automat
-
Nov 13th, 2020
ThreatConnect and PagerDuty: Better Alert Management
ThreatConnect has released a Playbook App for joint customers to leverage PagerDuty. With this new Playbook App, you can easily monitor alarms and notify team members when necessary – leading to
-
Nov 12th, 2020
ThreatConnect and Cisco Secure Access by Duo: Save time during IdAM Investigations
ThreatConnect has partnered with Cisco Security to deliver a Playbook App for joint customers to use Cisco Secure Access by Duo (formerly Cisco Duo). Now, users can automate processes during an intern
-
Nov 11th, 2020
Playbook Fridays: Have You Been Pwned?
Enriching Indicators with haveibeenpwned. ThreatConnect developed the Playbooks capability to help analysts automate time-consuming and repetitive tasks so they can focus on what is most important. And
-
Nov 9th, 2020
ThreatConnect and VirusTotal: Enable YARA Hunting and Better Malware Analysis
ThreatConnect and VirusTotal have improved our collaboration with a new Playbook App! This app will allow you to send malware to a sandbox to be further examined and retrieve the results from VirusTot
-
Nov 4th, 2020
ThreatConnect Research Roundup: Wizard Spider / UNC1878 / Ryuk Campaign
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related ind