-
Aug 27th, 2019
Best Practices for Writing Playbooks in ThreatConnect, Part 1
Proper naming conventions, using Descriptions and Labels, and more! This is the first of a multi-part series of posts on Playbooks best practices. There’s a lot of material to cover, and it would
-
Aug 23rd, 2019
Playbook Fridays: Reporting Through Email Attachment
This Playbook streamlines a process for reporting to a threat intel team without asking the reporting party to rework any existing infrastructure, or go too far out of their way to make findings acces
-
Aug 21st, 2019
CAL™ 2.2 Brings Improved Data Hygiene and More Robust Graph Modeling
Right on the heels of our 2.1 CAL update, we’re keeping up the momentum with the release of CAL 2.2! As a refresher, ThreatConnect’s CAL™ (Collective Analytics Layer) provides anonymized, crowds
-
Jul 26th, 2019
Playbook Fridays: Query Palo Alto Wildfire For New Submissions / Submit Wildfire Binary to VMRay
With these Playbooks, create the sharing and connection between two otherwise segmented products. These two Playbooks allow you to orchestrate the ability to retrieve files deemed malicious by Palo Alt
-
Jul 12th, 2019
Playbook Fridays: Koodous Playbook Components
Today’s post features two Playbook Components designed to query Koodous. The Playbook Components are available on our GitHub repository here. The first component, named “[Koodous] Request APK
-
Jun 26th, 2019
Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
ThreatConnect Research reviews phishing activity targeting Bellingcat researcher Christo Grozev and identifies a series of ProtonMail-spoofing domains most likely associated with attacks on Russia foc
-
Jun 14th, 2019
Playbook Fridays: CrowdStrike Snort Rules Ingest
This Playbook allows you — without writing code — to automate the ingestion of Snort rules into the ThreatConnect Platform. A customer needed a short turnaround solution for bringing CrowdS
-
Jun 7th, 2019
Playbook Fridays: Indicator Status Updater Playbook Component
This Friday, we introduce a Playbook Component that allows you to change the status of an Indicator. An Indicator’s status classifies the Indicator as either active or inactive. An active status ind
-
May 21st, 2019
Good News! ThreatConnect’s CAL™ (Collective Analytics Layer) 2.1 is now live!
The new and improved CAL is now active in the ThreatConnect Platform! Have you heard of CAL? Yes, you have? Awesome! No, you haven’t? Well, to quickly explain, ThreatConnect’s CAL™ (Collective A
-
May 17th, 2019
Orchestrate Actions Based on Automating Phishing Email Analysis
Set up phishing and feed mailboxes for automated ingestion of indicators and phishing emails. ThreatConnect allows users to set up phishing and feed mailboxes for automated ingestion of both indicators
-
May 4th, 2019
May the Force (of Partnerships) Be With You
What the Rebels Taught Me About Building Alliances. To say that ThreatConnect has a “thing” for Star Wars would be putting it mildly. Whether it be our office decor, the names of our conference roo
-
Apr 26th, 2019
Introducing ThreatConnect’s Version 5.8
Showcasing the Platform’s increased user flexibility for creating Playbooks and expanded options for in-Platform application (App) building. It’s here! Version 5.8 is here: ThreatConnect’s newest