-
Mar 13th, 2020
Playbook Fridays: ATT&CK Tag Framework
This Component creates a uniform structure for ATT&CK tags which can then be leveraged to create TQL queries, dashboards, or even newer Playbooks. And, since this is a Component, it can be added t
-
Feb 21st, 2020
Playbook Fridays: dan.me TOR Full List with Details
This Playbook gets the listing of TOR nodes from dan.me website and parses all of the information into ThreatConnect for consumption. TOR is often used by malicious actors to conceal their identity an
-
Feb 10th, 2020
Introducing ThreatConnect’s New Learning Portal
New courses and our knowledge base are combined in one place. We are very excited to introduce our new Learning Portal! Accessible to all of our registered users, this portal not only houses the cours
-
Jan 24th, 2020
Playbook Fridays: The Indicator Importer Spaces App
A Case Study in Using Playbooks with Spaces Apps. How to use Playbooks to make spaces apps more effective. You can find the Indicator Importer spaces app discussed in this post here. There are two goals
-
Dec 6th, 2019
Playbook Fridays: Leveraging ThreatConnect to Enrich Greynoise IOCs
Querying both the free and paid GreyNoise APIs to retrieve insights on IOCs for alert triaging and filtering purposes. Analysts get inundated with alerts from all sorts of activity; both targeted and a
-
Nov 25th, 2019
ThreatConnect and ServiceNow: More Integrations for Better Context
We’re strengthening our partnership with ServiceNow® by offering more robust integrations with the ServiceNow Orchestration and ServiceNow Security Operations products, as well as launching a new P
-
Nov 22nd, 2019
Playbook Fridays: Query Jira for Ticket Information
As someone in Customer Success for ThreatConnect, we are constantly asked to push the limits of our creativity for a customer. The Playbook below is the result of such a request. So without ado, I pre
-
Nov 1st, 2019
Playbook Fridays: Query Hashes via Email Submission
We were asked by a customer to extend the analysis functionality of ThreatConnect to other SOC personnel that didn’t have direct access to the Platform. So we did. This Playbook creates a new proc
-
Oct 11th, 2019
Playbook Fridays: Generate Intelligence Reports, Part 2
As promised, below is how to customize this app to change the disclaimer, and contact information. However, I encourage you to stick around as I dig in for a deeper dive, explaining in detail all of t
-
Oct 7th, 2019
Best Practices for Writing Playbooks, Part 2
This is Part 2 of the Best Practices for Writing Playbooks in ThreatConnect blog post series. This time, I wanted to get into the weeds on some best practices for development and testing. If you hav
-
Oct 4th, 2019
Playbook Fridays: Generate Intelligence Reports
John Locke, a wise man, once said, “No man’s knowledge here can go beyond his experience.” The same is true with the latest release of ThreatConnect that includes quite a few new f
-
Sep 16th, 2019
The Secret to our (Customer) Success
I recently sat down with Jody Caldwell, the Senior Director of Customer Success at ThreatConnect, to pick his brain and understand the specifics of how we help a customer from initial deployment throu