-
Apr 22nd, 2020
Build a Single Source of Truth
Gartner® defines a SOAR platform as “security orchestration, automation and response technologies that enable organizations to collect security threats data and alerts from different sources, where
-
Apr 17th, 2020
Playbook Fridays: Automatically import and tag your RSS feed data with Covid-19 Tags
Welcome to ThreatConnect’s Playbook Fridays! We will continually publish posts featuring Playbooks (and sometimes Dashboards!) that can be built in the Platform. ThreatConnect developed the Play
-
Apr 15th, 2020
Creating Order from Chaos: Enabling (Even) Better Decision Making with ThreatConnect 6.0
For those that don’t know, I have 4 kids and a dog. The children are 9 and under. Fresno, my dog, is like 100 years old in “dog years.” My house is chaotic, to say the least. I remember being ab
-
Apr 10th, 2020
Playbook Fridays: Potential Zoom-related Threats Dashboard
This Dashboard was created to track potential Zoom-related intelligence and indicators as the news of it being vulnerable was widely publicized. With many of us working from home these days, and in ge
-
Apr 9th, 2020
Turning Cobalt Into Diamonds: Building an Actor Profile For Hunting
Summary: Hunting adversaries begins with understanding their behavior through data. In this blog post, we’ll use the Diamond Model as a vehicle to create an actor profile for the criminal group Cobal
-
Apr 6th, 2020
Now Available: CAL COVID19-themed Newly Registered Domains Feed
As the world is struggling to respond to the global COVID-19 pandemic, we want to make sure we’re doing our part. There are a number of ne’er-do-wells that are trying to take advantage of the situ
-
Apr 2nd, 2020
How to Build a Basic Workflow in ThreatConnect
From a Simple Notification Email to Threat-Bending Phishing Triage, This Is Your First Step. ThreatConnect 6.0 introduces a brand new feature: Workflow. This capability lets you combine manual and auto
-
Mar 20th, 2020
7 Tips for Working from Home
Many of us are stuck working from home due to COVID-19. These are very surreal times. For some of you (us), being at home trying to work might be a whole new world. Well, we’re here to help navig
-
Mar 19th, 2020
Special Playbook Fridays: COVID-19 Dashboard, Metrics, and Search
We’ve got options for how you can track activity related to Coronavirus / COVID-19 in the ThreatConnect Platform: 1. New System Dashboard – COVID-19 Related Activity The ThreatConnect Rese
-
Mar 17th, 2020
Automation Anxiety? Don’t Worry.
More efficient processes. Better staff utilization. Increased documentation of processes. These are just a few of the benefits of automation, yet organizations may be slow to adopt automation technolo
-
Mar 13th, 2020
Playbook Fridays: ATT&CK Tag Framework
This Component creates a uniform structure for ATT&CK tags which can then be leveraged to create TQL queries, dashboards, or even newer Playbooks. And, since this is a Component, it can be added t
-
Feb 21st, 2020
Playbook Fridays: dan.me TOR Full List with Details
This Playbook gets the listing of TOR nodes from dan.me website and parses all of the information into ThreatConnect for consumption. TOR is often used by malicious actors to conceal their identity an