-
Jan 29th, 2021
ThreatConnect and ANY.RUN – Better Malware Analysis
ThreatConnect and ANY.RUN have partnered to deliver a Playbook App for joint customers to leverage. With the addition of this Playbook App, you will be able to submit files to ANY.RUN for sandboxing a
-
Jan 28th, 2021
ThreatConnect and Slack: Streamline Investigative Team Collaboration
ThreatConnect has revamped our existing integration with Slack by leveraging their latest APIs and authentication; doing this allows us to include a ton more functionality. With Playbooks, you can aut
-
Jan 27th, 2021
CrimsonIAS: Listening for an 3v1l User
Executive Summary: CrimsonIAS is a Delphi-written backdoor dating back to at least 2017 that enables operators to run command line tools, exfiltrate files, and upload files to the infected machine. Cri
-
Jan 25th, 2021
TIP & SOAR: Creating Increased Capability For Less Mature Teams
Building a threat intelligence-led security program with security orchestration, automation, and response (SOAR) capabilities helps to advance your program and gives your company or agency a fighting
-
Jan 21st, 2021
ThreatConnect and AlienLabs OTX: Give Your Investigations Community Support
ThreatConnect is pleased to deliver a Playbook App for joint customers to leverage AT&T AlienLabs OTX. With this app, you can query Alien Labs OTX for enrichment information on various indicators
-
Jan 6th, 2021
Risk Quantification, Threat Intelligence & Automation: Stronger Together
ThreatConnect marries cyber risk quantification (CRQ), threat intelligence platform (TIP), and SOAR capabilities.
-
Dec 22nd, 2020
8 Ways SOC & IR Teams Can Use ThreatConnect’s Workflow Capability
ThreatConnect’s Workflow capability enables users to continuously improve security processes with a single Platform for process documentation, team collaboration, and artifact enrichment. With W
-
Dec 22nd, 2020
How to Use Workflow to Conduct Phishing Analysis Part 2 – Automating Phase 1
While most organizations (88% in 2019 according to ProofPoint’s State of the Phish 2020 report) are targeted by spear phishing emails each year, the processes by which these messages are triaged and
-
Dec 18th, 2020
Tracking Sunburst-Related Activity with ThreatConnect Dashboards
Recently FireEye discovered that the SolarWinds Orion IT monitoring platform was compromised earlier this year. The threat actor used SolarWinds cryptographic keys to sign multiple backdoored files po
-
Dec 17th, 2020
Tactical Threat Hunting (Part 1): Providing the information that matters, when it matters.
This is part 1 of a 2 part series. In a previous article, “SOAR: An Incident Responder’s Best Friend,” we discussed the issues facing Incident Responders today and how Security Orchestration
-
Dec 15th, 2020
Infrastructure Research and Hunting: Boiling the Domain Ocean
The Diamond Model of Intrusion Analysis identifies two main nodes as actor assets that may ultimately interact with a target / victim’s own assets — capabilities and infrastructure. But while
-
Dec 14th, 2020
ThreatConnect and Cisco Identity Services Engine (ISE): Streamline Security Policy Updates
ThreatConnect and Cisco have partnered to deliver a Playbook app for joint customers to leverage. With this Playbook app, you can control the network status of an endpoint in Cisco ISE. The Cisco Iden