Read insights, thought leadership, and platform updates.
ThreatConnect and Check Point: Better Endpoint Protection
ThreatConnect has partnered with Check Point and built a Playbook App for our joint customers to leverage. With the addition of this new Playbook App, immediate actions can be taken to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence. Check Point’s Unified Security Management gives you unified management control […]
How to Use Workflow to do Phishing Analysis Part 1 – Defining the Process
Workflow Refresher: Earlier this year, in ThreatConnect 6.0, we released a new feature called Workflow. This capability enables users to define and memorialize processes for teams across the security organization. With Workflow, analysts and supervisors can establish a set of tasks necessary to complete a given type of investigation and share it with others on […]
Research Roundup: Kimsuky Phishing Operations Putting in Work
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]
SOC Series: Flawless Handoffs During Shift Change
Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity augments analysts to deliver superhuman recall and contextual awareness. Whether a SOC operates 24×7, follows the sun, or hands off to a third party, it is critical that event analysis continues seamlessly across shifts and analysts. Critical actions […]
Get Context from MISP Warning Lists as You Work Using the Polarity Integration
Today’s post continues an ongoing series on Polarity Integrations. Data tells a story; Polarity helps you see it with Augmented Reality overlaying contextual information from the applications you use every day. With over 100 powerful integrations, the Polarity open-source Integrations Library arms you with the right data at the right time to make informed decisions […]
Integrations Aren’t Just for Developers
Introduction: Security Orchestration, Automation and Response (SOAR) platforms gain a lot of strength from the technologies they have in place to enable integrations and the quality of those integrations. As a SOAR vendor, building integrations internally results in high-quality solutions for our customers, but it’s not the only way to make those integrations happen. With […]
Kimsuky Phishing Operations Putting In Work
Executive Summary: Recently, an international NGO that provides threat sharing and analysis support to frequently targeted communities reached out to ThreatConnect wanting to learn more about the origins of a targeted phishing attack they were researching. Researching both the attacker’s infrastructure and tooling, we believe the nexus of the attack to be DPRK’s Kimsuky group […]
Research Roundup: APT39 Adversaries
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]
SOC Series: Hash Value Decoder Ring
Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity augments analysts for superhuman speed and thoroughness. Hash values can help verify whether activity found within logs has already been determined as “known-bad” and can be used to correlate activity between network devices and netflows. These are […]
ThreatConnect and Sigma Signatures: Increase Detection Capabilities
ThreatConnect now supports Sigma Signatures! As a quick refresher, Sigma is a generic and open signature format for SIEM systems. It allows you to describe relevant log events straightforwardly. The rule format is very flexible, easy to write, and applicable to any log file type. This project’s primary purpose is to provide a structured form […]
Get Immediate Data Awareness on Mandiant Threat Intelligence with the New Polarity Integration
Today’s post continues an ongoing series on Polarity Integrations. Data tells a story; Polarity helps you see it with Augmented Reality overlaying contextual information from the applications you use every day, no glasses or goggles required. With over 100 powerful integrations, Polarity’s open-source Integrations Library arms you with the right data at the right time […]
Research Roundup: Microsoft Strontium Sinkhole Domain Sibling
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]