Read insights, thought leadership, and platform updates.

We’re excited to announce our updated integration with Splunk, a platform that empowers teams from Security to IoT to Business Analysis with data. These updates will enable Polarity users to retrieve a more in-depth analysis from different Splunk queries even more seamlessly than before. Now, instead of running the same Splunk query over and over to get […]

As promised, below is how to customize this app to change the disclaimer, and contact information. However, I encourage you to stick around as I dig in for a deeper dive, explaining in detail all of the code within this app. With that said, let’s go! Replace everything after the = on Lines 32-34 and […]

Ever gotten an email with a link and wondered what that link is and if you should click on it? Ever seen a random url in your logs and wondered what it is? Well, with Polarity’s latest integration with urlscan, you will always know if that url or domain is malicious or not! What is […]

This is Part 2 of the Best Practices for Writing Playbooks in ThreatConnect blog post series. This time, I wanted to get into  the weeds on some best practices for development and testing. If you haven’t already read it, I highly recommend taking a minute and reading Part 1, here. To Playbook or not to […]

 John Locke, a wise man, once said, “No man’s knowledge here can go beyond his experience.” The same is true with the latest release of ThreatConnect that includes quite a few new features. The feature that has me excited the most is the AppBuilder functionality. The primary reason is that I can see the full […]

I recently sat down with Jody Caldwell, the Senior Director of Customer Success at ThreatConnect, to pick his brain and understand the specifics of how we help a customer from initial deployment throughout the entire span of their relationship with ThreatConnect. Will you describe your role at ThreatConnect? What does a day look like for […]

For all of the other applications that ThreatConnect does not have an integration for, API is the best way to go. With the repeating of calling IOC data, the use of the Component allows you to have all of that data in a format to map it as needed The reason for the PlayBook came […]

Our latest integration is with Lightweight Directory Access Protocol (LDAP). The Polarity – LDAP integration automatically searches LDAP for usernames and emails and returns associated accounts. What is LDAP? Lightweight Directory Access Protocol or otherwise known as LDAP is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files […]

This blog post is for boots-on-the-ground security analysts. Managers, turn back now! By the end, you’ll be able to create a tailor-made dashboard in ThreatConnect to help inform your day-to-day activities. “Flash! Ah-ah! Savior of the universe!” -Queen I cringe a little bit whenever I hear someone say that dashboards are just to show “pretty […]

Proper naming conventions, using Descriptions and Labels, and more! This is the first of a multi-part series of posts on Playbooks best practices.  There’s a lot of material to cover, and it would be too much for a single post. In Part 1,  I’m sticking to the basics – how to use proper naming conventions […]

This Playbook streamlines a process for reporting to a threat intel team without asking the reporting party to rework any existing infrastructure, or go too far out of their way to make findings accessible. This also works regardless of who the reporting party is; whether that is a SOC, customer, or industry partner. The most […]

Right on the heels of our 2.1 CAL update, we’re keeping up the momentum with the release of CAL 2.2! As a refresher, ThreatConnect’s CAL™ (Collective Analytics Layer) provides anonymized, crowdsourced intel about your threats and indicators. It leverages the collective insight of the thousands of analysts who use ThreatConnect worldwide to provide you with […]