Read insights, thought leadership, and platform updates.

ThreatConnect and ANY.RUN have partnered to deliver a Playbook App for joint customers to leverage. With the addition of this Playbook App, you will be able to submit files to ANY.RUN for sandboxing and retrieve results automatically via Playbooks. This all leads to more informed decision making and more efficient remediation of malicious files through […]

ThreatConnect has revamped our existing integration with Slack by leveraging their latest APIs and Authentication, doing this allows us to include a ton more functionality. With Playbooks, you can automatically keep team members informed, get instant updates with notifications or escalations, and create channels as part of investigations. By automating this process, you turn your […]

Today’s post continues an ongoing series on Polarity in Action, demonstrating how Polarity helps you to see the story in your data without sacrificing thoroughness or speed. In today’s video, Polarity’s resident SOC expert, Terry McGraw, walks through an event triage use case, showcasing how Polarity provides analysts with all of the data they need, […]

Executive Summary CrimsonIAS is a Delphi-written backdoor dating back to at least 2017 that enables operators to run command line tools, exfiltrate files, and upload files to the infected machine. CrimsonIAS is notable as it listens for incoming connections only; making it different from typical Windows backdoors that beacons out. The characteristics found in CrimsonIAS’s […]

Building a threat intelligence-led security program with security orchestration, automation, and response (SOAR) capabilities helps to advance your program and gives your company or agency a fighting chance to defeat these advanced and evolving threats. Businesses and organizations with less mature cybersecurity programs tend to be in a constant state of reacting to threats, vulnerabilities, […]

ThreatConnect is pleased to deliver a Playbook App for joint customers to leverage AT&T AlienLabs OTX. With this app, you can query Alien Labs OTX for enrichment information on various indicators of compromise (IOC) types. By automating this process, you bring relevant, timely, and accurate threat intelligence into ThreatConnect and use it to make better, […]

We would like to congratulate Ben Ruffley, Sr. Digital Forensics & Incident Response Manager at Procter & Gamble as the Polarity Community Contributor of the quarter! Ben has greatly helped Polarity build its product roadmap and understand how to improve the Polarity experience for everyone. We encourage all of our Polarity Community members to look […]

Today’s post continues an ongoing series on Polarity Integrations. Data tells a story, Polarity helps you see it with Augmented Reality overlaying contextual information from the applications you use every day, no glasses or goggles required. With over 100 powerful integrations, Polarity’s open-source Integrations Library arms you with the right data at the right time […]

Today’s post continues an ongoing series on Polarity Integrations. Data tells a story, Polarity helps you see it with Augmented Reality overlaying contextual information from the applications you use every day, no glasses or goggles required. With over 100 powerful integrations, Polarity’s open-source Integrations Library arms you with the right data at the right time […]

Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases; demonstrating how Polarity helps you to see the story in your data without sacrificing thoroughness or speed. According to IBM’s X-Force and Dell Secureworks, Phishing attacks have been the top initial compromise of all breach vectors (i.e. approximately 30%) for the […]

ThreatConnect’s marries cyber risk quantification (CRQ), threat intelligence platform (TIP), and SOAR capabilities.

ThreatConnect’s Workflow capability enables users to continuously improve security processes with a single Platform for process documentation, team collaboration, and artifact enrichment. With Workflow, teams gain efficiencies by streamlining and automating discovery, investigation, monitoring, and response activities. This blog will go over some common use cases SOC and IR teams can accomplish leveraging ThreatConnect Workflow. […]