SOC Series: Get More from SOAR
Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity helps you to see the story in your data without sacrificing thoroughness or speed. Despite the power and promise of SOAR capabilities, the fact remains that operational impact awareness is still often left to humans. Just because one […]
ThreatConnect Research Roundup: Possible Ryuk Infrastructure
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. Roundup Highlight: Possible Ryuk Infrastructure […]
Caught in our Net
Using neural networks to identify algorithmically generated domains (AGDs) The problem with today’s generation A while back, we released a new CAL Feed that leveraged our ability to detect domains that were generated via an algorithm. This is an interesting cohort of domains — they’re typically generated by machines and for machines. That alone makes […]
ThreatConnect and Check Point: Better Endpoint Protection
ThreatConnect has partnered with Check Point and built a Playbook App for our joint customers to leverage. With the addition of this new Playbook App, immediate actions can be taken to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence. Check Point’s Unified Security Management gives you unified management control […]
How to Use Workflow to do Phishing Analysis Part 1 – Defining the Process
Workflow Refresher Earlier this year, in ThreatConnect 6.0, we released a new feature called Workflow. This capability enables users to define and memorialize processes for teams across the security organization. With Workflow, analysts and supervisors can establish a set of tasks necessary to complete a given type of investigation and share it with others on […]
Research Roundup: Kimsuky Phishing Operations Putting in Work
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]
SOC Series: Flawless Handoffs During Shift Change
Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity augments analysts to deliver superhuman recall and contextual awareness. Whether a SOC operates 24×7, follows the sun, or hands off to a third party, it is critical that event analysis continues seamlessly across shifts and analysts. Critical actions […]
Get Context from MISP Warning Lists as You Work Using the Polarity Integration
Today’s post continues an ongoing series on Polarity Integrations. Data tells a story, Polarity helps you see it with Augmented Reality overlaying contextual information from the applications you use every day. With over 100 powerful integrations the Polarity open-source Integrations Library arms you with the right data at the right time to make informed decisions […]
Integrations Aren’t Just for Developers
Introduction Security Orchestration, Automation and Response (SOAR) platforms gain a lot of strength from the technologies they have in place to enable integrations and the quality of those integrations. As a SOAR vendor, building integrations internally results in high-quality solutions for our customers but it’s not the only way to make those integrations happen. With […]
Kimsuky Phishing Operations Putting In Work
Executive Summary Recently, an international NGO that provides threat sharing and analysis support to frequently targeted communities reached out to ThreatConnect wanting to learn more about the origins of a targeted phishing attack they were researching. Researching both the attacker’s infrastructure and tooling, we believe the nexus of the attack to be DPRK’s Kimsuky group […]
Research Roundup: APT39 Adversaries
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]
SOC Series: Hash Value Decoder Ring
Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity augments analysts for superhuman speed and thoroughness. Hash values can help verify whether activity found within logs has already been determined as a “known-bad” and can be used to correlate activity between network devices and netflows. These are […]