Read insights, thought leadership, and platform updates.

Create Custom Attribute Types and Validation Rules, then use Playbooks to populate them automatically I was working with a customer who wanted to use ThreatConnect’s Task and workflow features like a traditional ticketing system, with a unique identifier for data objects that they could key off of and pass to other teams as needed. This […]

Possible Fancy Bear Domains Spoofing Anti-Doping and Olympic Organizations Update – 1/19/18 We recently identified two additional domains — login-ukad[.]org[.]uk and adfs-ukad[.]org[.]uk — which appear to spoof UK Anti-Doping. The domain login-ukad.org.uk uses the Domains4Bitcoins name server previously mentioned and, as of January 19 2018, is hosted on dedicated server at the IP 185.189.112[.]191. This […]

How to Avoid Phishing Attacks We’ve all heard the phishing attack stories that start with someone receiving an email that requests an urgent invoice review or password change, and ends with a data breach where personal information is compromised and money is lost. Although many of us may roll our eyes at the possibility of […]

Playbook Fridays: Task Management Simulate a task in ThreatConnect which can be modified to recur daily, weekly, or monthly   ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. And in many cases, to ensure the analysis process can occur consistently and […]

Learn about the threats and how to protect your healthcare organization Summary Medical and health organizations, which include organizations operating in the pharmaceutical sector, face a variety of threats that are inherent to the services they provide and the data they safeguard. Within medical and health verticals the risks associated with compromise are often significantly […]

Query abuse.net for abuse contacts registered to a domain ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. You can also communicate with third-party services to trigger events outside of ThreatConnect. Why Was the Playbook Created? With the massive amount of […]

Joining the cyber community to conduct independent analysis of the DNC Hack Recently, an article purported that the Democratic National Committee (DNC) turned down requests from FBI forensic units to look at its server and instead opted to use ThreatConnect and two other cyber security firms. While we cannot speak to the veracity of the […]

Playbook Fridays: Screenshot Capture Playbook ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. You can also communicate with third-party services to trigger events outside of ThreatConnect. Why was this Playbook created? When analyzing a phishing page, keeping a screenshot as […]

Playbook Fridays: How To Control The Cloud With Playbooks Interacting with SNS from ThreatConnect Playbooks ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. You can also communicate with third-party services to trigger events outside of ThreatConnect. Why Was the Playbook […]

A look into BlackEnergy malware and using ThreatConnect to aggregate and memorialize the identified intelligence. As workers prepared to head home on December 23, 2015, an attack against Ukraine’s energy sector left 230,000 without electricity (or heat) for six hours. The attackers demonstrated a variety of capabilities, including spearphishing emails and variants of the BlackEnergy […]

This week: Palo Alto Wildfire Malware Triage Playbook ThreatConnect is beginning a NEW blog post series. We will continually publish posts featuring Playbooks that can be built in the Platform. ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. And in […]

Automate almost any cybersecurity process – no coding needed Ingesting threat data, malware analysis, and data enrichment can all be time consuming tasks. To learn how to automate these things (along with almost any cybersecurity task) using an easy drag-and-drop interface, watch the video, Save Time and Act Faster with Playbooks. It’s presented by Dan […]