Posts
-
Mar 19th, 2020
Special Playbook Fridays: COVID-19 Dashboard, Metrics, and Search
We’ve got options for how you can track activity related to Coronavirus / COVID-19 in the ThreatConnect Platform: 1. New System Dashboard – COVID-19 Related Activity The ThreatConnect Rese
-
Mar 17th, 2020
Automation Anxiety? Don’t Worry.
More efficient processes. Better staff utilization. Increased documentation of processes. These are just a few of the benefits of automation, yet organizations may be slow to adopt automation technolo
-
Mar 13th, 2020
Playbook Fridays: ATT&CK Tag Framework
This Component creates a uniform structure for ATT&CK tags which can then be leveraged to create TQL queries, dashboards, or even newer Playbooks. And, since this is a Component, it can be added t
-
Feb 21st, 2020
Playbook Fridays: dan.me TOR Full List with Details
This Playbook gets the listing of TOR nodes from dan.me website and parses all of the information into ThreatConnect for consumption. TOR is often used by malicious actors to conceal their identity an
-
Feb 10th, 2020
Introducing ThreatConnect’s New Learning Portal
New courses and our knowledge base are combined in one place We are very excited to introduce our new Learning Portal! Accessible to all of our registered users, this portal not only houses the cours
-
Jan 24th, 2020
Playbook Fridays: The Indicator Importer Spaces App
A Case Study in Using Playbooks with Spaces Apps How to use Playbooks to make spaces apps more effective You can find the Indicator Importer spaces app discussed in this post here. There are two goals
-
Dec 6th, 2019
Playbook Fridays: Leveraging ThreatConnect to Enrich Greynoise IOCs
Querying GreyNoise’s both free and paid APIs to retrieve insights on IOCs for alert triaging and filtering purposes Analysts get inundated with alerts from all sorts of activity; both targeted and a
-
Dec 4th, 2019
How to Choose the Right SOAR Platform: A Checklist
The great thing about SOAR is that, if deployed correctly, it gives your organization the platform required to implement an intelligence-driven security strategy. You can think of SOAR and how it’
-
Nov 25th, 2019
ThreatConnect and ServiceNow: More Integrations for Better Context
We’re strengthening our partnership with ServiceNow® by offering more robust integrations with the ServiceNow Orchestration and ServiceNow Security Operations products, as well as launching a new P
-
Nov 22nd, 2019
Playbook Fridays: Query Jira for Ticket Information
As someone in Customer Success for ThreatConnect, we are constantly asked to push the limits of our creativity for a customer. The Playbook below is the result of such a request. So without ado, I pre
-
Nov 1st, 2019
Playbook Fridays: Query Hashes via Email Submission
We were asked by a customer to extend the analysis functionality of ThreatConnect to other SOC personnel that didn’t have direct access to the Platform. So we did. This Playbook creates a new proc
-
Oct 11th, 2019
Playbook Fridays: Generate Intelligence Reports, Part 2
As promised, below is how to customize this app to change the disclaimer, and contact information. However, I encourage you to stick around as I dig in for a deeper dive, explaining in detail all of t