Showcasing the Platform’s increased user flexibility for creating Playbooks and expanded options for in-Platform application (App) building
It’s here! Version 5.8 is here: ThreatConnect’s newest Platform features and functionality that we (humbly) think will heighten your experience.
With these “ ease-of-use” updates, we’re continuing to enhance your experience when it comes to the development, design, and management of Playbooks and Apps within the Platform. And, because our Platform can be used by so many different roles in the security team – as a TIP or a holistic intelligence-driven SOAR – it’s crucial that we are easily adaptable and usable. That said, here are some of the added capabilities in this latest version of ThreatConnect:
A highly requested feature that our own team has really had fun developing and using internally, is our new Dark Mode. For those of you working on shifts, we are sure this will be a welcome feature. ThreatConnect now provides a choice for how you can experience the Platform. Depending on your preference and work environment, you can toggle between Light and Dark color palettes. ThreatConnect Dark Mode provides you with an experience that you may be more familiar with, especially when working in a SOC.
ThreatConnect’s Dark Mode
Application (App) Builder
While Dark Mode is certainly exciting, we are especially excited (cough, bias, cough) about the App Builder – which allows users to build and test their own Python-based Playbook apps in-Platform. It lets you skip the tedious steps of building out your own development environment and manage builds and commits through the command line. Instead, you can go right from idea to solution from inside the ThreatConnect UI. You can also add common snippets of code (and create new ones!), leverage methods from our App Framework, and easily manage input and output variables.
In addition to creating your own apps, you can also view the code in existing apps and modify them to suit your needs. Also, third party libraries can be imported for use in the App Builder – this is something we’ve streamlined beyond what’s available in other SOAR platforms.
Also, with a built-in debugger, you can code, debug, and release without setting up a separate environment. This feature was designed to instill a sense of confidence that your final product is flawless and production-ready. Because the debugger is tied directly into ThreatConnect, we’re able to offer loads of features to help you along the way, all directly in the UI:
- Integration testing – stop a Playbook on your App and step through the code line-by-line.
- Centralized information – view app logs and inputs/outputs as you step through the code
- Pinpoint issues even in complex code – view local variables and the call stack
- Data transparency – View command arguments and Playbook variables
We have also incorporated a semantic versioning scheme into the App Builder to help ensure that all of your released app code is properly versioned and tracked.
ThreatConnect’s App Builder
Our Playbooks version control really helps you take automation and orchestration to another level, whether you’re creating Playbooks for your threat intel team, SecOps, or IR team. Because typical Playbooks go through dozens of versions, now you can manage them effectively. With version control you can continuously improve your Playbooks while not losing sight of past iterations. Every time a Playbook is set to Active, a new minor version is autosaved, and you can manually track and comment on major versions. With version control, users can split off and comment on major versions of Playbooks, or merge them into an existing Playbook as a new version.
We’ll continue to keep you updated as new things happen in the Platform. Stay tuned!