-
Apr 9th, 2020
Turning Cobalt Into Diamonds: Building an Actor Profile For Hunting
Summary: Hunting adversaries begins with understanding their behavior through data. In this blog post, we’ll use the Diamond Model as a vehicle to create an actor profile for the criminal group Cobal
-
Apr 6th, 2020
Now Available: CAL COVID19-themed Newly Registered Domains Feed
As the world is struggling to respond to the global COVID-19 pandemic, we want to make sure we’re doing our part. There are a number of ne’er-do-wells that are trying to take advantage of the situ
-
Apr 2nd, 2020
How to Build a Basic Workflow in ThreatConnect
From a Simple Notification Email to Threat-Bending Phishing Triage, This Is Your First Step. ThreatConnect 6.0 introduces a brand new feature: Workflow. This capability lets you combine manual and auto
-
Mar 20th, 2020
7 Tips for Working from Home
Many of us are stuck working from home due to COVID-19. These are very surreal times. For some of you (us), being at home trying to work might be a whole new world. Well, we’re here to help navig
-
Mar 19th, 2020
Special Playbook Fridays: COVID-19 Dashboard, Metrics, and Search
We’ve got options for how you can track activity related to Coronavirus / COVID-19 in the ThreatConnect Platform: 1. New System Dashboard – COVID-19 Related Activity The ThreatConnect Rese
-
Mar 17th, 2020
Automation Anxiety? Don’t Worry.
More efficient processes. Better staff utilization. Increased documentation of processes. These are just a few of the benefits of automation, yet organizations may be slow to adopt automation technolo
-
Mar 13th, 2020
Playbook Fridays: ATT&CK Tag Framework
This Component creates a uniform structure for ATT&CK tags which can then be leveraged to create TQL queries, dashboards, or even newer Playbooks. And, since this is a Component, it can be added t
-
Feb 21st, 2020
Playbook Fridays: dan.me TOR Full List with Details
This Playbook gets the listing of TOR nodes from dan.me website and parses all of the information into ThreatConnect for consumption. TOR is often used by malicious actors to conceal their identity an
-
Feb 10th, 2020
Introducing ThreatConnect’s New Learning Portal
New courses and our knowledge base are combined in one place. We are very excited to introduce our new Learning Portal! Accessible to all of our registered users, this portal not only houses the cours
-
Jan 24th, 2020
Playbook Fridays: The Indicator Importer Spaces App
A Case Study in Using Playbooks with Spaces Apps. How to use Playbooks to make spaces apps more effective. You can find the Indicator Importer spaces app discussed in this post here. There are two goals
-
Dec 6th, 2019
Playbook Fridays: Leveraging ThreatConnect to Enrich Greynoise IOCs
Querying both GreyNoise’s free and paid APIs to retrieve insights on IOCs for alert triaging and filtering purposes. Analysts get inundated with alerts from all sorts of activity; both targeted and a
-
Dec 4th, 2019
How to Choose the Right SOAR Platform: A Checklist
The great thing about SOAR is that, if deployed correctly, it gives your organization the platform required to implement an intelligence-driven security strategy. You can think of SOAR and how it’