Posts
-
Nov 1st, 2019
Playbook Fridays: Query Hashes via Email Submission
We were asked by a customer to extend the analysis functionality of ThreatConnect to other SOC personnel that didn’t have direct access to the Platform. So we did. This Playbook creates a new proc
-
Oct 11th, 2019
Playbook Fridays: Generate Intelligence Reports, Part 2
As promised, below is how to customize this app to change the disclaimer, and contact information. However, I encourage you to stick around as I dig in for a deeper dive, explaining in detail all of t
-
Oct 7th, 2019
Best Practices for Writing Playbooks, Part 2
This is Part 2 of the Best Practices for Writing Playbooks in ThreatConnect blog post series. This time, I wanted to get into the weeds on some best practices for development and testing. If you hav
-
Oct 4th, 2019
Playbook Fridays: Generate Intelligence Reports
John Locke, a wise man, once said, “No man’s knowledge here can go beyond his experience.” The same is true with the latest release of ThreatConnect that includes quite a few new f
-
Sep 16th, 2019
The Secret to our (Customer) Success
I recently sat down with Jody Caldwell, the Senior Director of Customer Success at ThreatConnect, to pick his brain and understand the specifics of how we help a customer from initial deployment throu
-
Sep 13th, 2019
Playbook Fridays: Component IOC All Data Pull
For all of the other applications that ThreatConnect does not have an integration for, the API is the best way to go. With the repeated calling of IOC data, the use of the Component allows you to have al
-
Aug 27th, 2019
Best Practices for Writing Playbooks in ThreatConnect, Part 1
Proper naming conventions, using Descriptions and Labels, and more! This is the first of a multi-part series of posts on Playbooks best practices. There’s a lot of material to cover, and it would
-
Aug 23rd, 2019
Playbook Fridays: Reporting Through Email Attachment
This Playbook streamlines a process for reporting to a threat intel team without asking the reporting party to rework any existing infrastructure, or go too far out of their way to make findings acces
-
Aug 21st, 2019
CAL™ 2.2 Brings Improved Data Hygiene and More Robust Graph Modeling
Right on the heels of our 2.1 CAL update, we’re keeping up the momentum with the release of CAL 2.2! As a refresher, ThreatConnect’s CAL™ (Collective Analytics Layer) provides anonymized, crowds
-
Jul 26th, 2019
Playbook Fridays: Query Palo Alto Wildfire For New Submissions / Submit Wildfire Binary to VMRay
With these Playbooks, create the sharing and connection between two otherwise segmented products. These two Playbooks allow you to orchestrate the ability to retrieve files deemed malicious by Palo Alt
-
Jul 12th, 2019
Playbook Fridays: Koodous Playbook Components
Today’s post features two Playbook Components designed to query Koodous. The Playbook Components are available on our GitHub repository here. The first component, named “[Koodous] Request APK
-
Jun 26th, 2019
Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
ThreatConnect Research reviews phishing activity targeting Bellingcat researcher Christo Grozev and identifies a series of ProtonMail-spoofing domains most likely associated with attacks on Russia foc