Read insights, thought leadership, and platform updates.
Playbook Fridays: Component IOC All Data Pull
For all of the other applications that ThreatConnect does not have an integration for, the API is the best way to go. Because IOC data is pulled repeatedly, using a Component lets you have all of that data in a format you can map as needed. The reason for the Playbook came […]
Leveraging LDAP with Polarity
Our latest integration is with Lightweight Directory Access Protocol (LDAP). The Polarity – LDAP integration automatically searches LDAP for usernames and emails and returns associated accounts. What is LDAP? Lightweight Directory Access Protocol, otherwise known as LDAP, is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files […]
Operationalizing Threat Intel: On the Importance of “Boring” Dashboards
This blog post is for boots-on-the-ground security analysts. Managers, turn back now! By the end, you’ll be able to create a tailor-made dashboard in ThreatConnect to help inform your day-to-day activities. “Flash! Ah-ah! Savior of the universe!” -Queen I cringe a little bit whenever I hear someone say that dashboards are just to show “pretty […]
Best Practices for Writing Playbooks in ThreatConnect, Part 1
Proper naming conventions, using Descriptions and Labels, and more! This is the first of a multi-part series of posts on Playbooks best practices. There’s a lot of material to cover, and it would be too much for a single post. In Part 1, I’m sticking to the basics – how to use proper naming conventions […]
Playbook Fridays: Reporting Through Email Attachment
This Playbook streamlines a process for reporting to a threat intel team without asking the reporting party to rework any existing infrastructure, or go too far out of their way to make findings accessible. This also works regardless of who the reporting party is; whether that is a SOC, customer, or industry partner. The most […]
CAL™ 2.2 Brings Improved Data Hygiene and More Robust Graph Modeling
Right on the heels of our 2.1 CAL update, we’re keeping up the momentum with the release of CAL 2.2! As a refresher, ThreatConnect’s CAL™ (Collective Analytics Layer) provides anonymized, crowdsourced intel about your threats and indicators. It leverages the collective insight of the thousands of analysts who use ThreatConnect worldwide to provide you with […]
Playbook Fridays: Query Palo Alto Wildfire For New Submissions / Submit Wildfire Binary to VMRay
With these Playbooks, create the sharing and connection between two otherwise segmented products. These two Playbooks allow you to orchestrate the ability to retrieve files deemed malicious by Palo Alto Wildfire and submit them to VMRay for a full malware analysis. They bridge the gap between two malware analysis products, as well as create actionable threat […]
Playbook Fridays: Koodous Playbook Components
Today’s post features two Playbook Components designed to query Koodous. The Playbook Components are available on our GitHub repository here. The first component, named “[Koodous] Request APK Data.pbx”, takes the sha256 hash of a file as input and returns information for this file, if any exists, from Koodous. If you would like to test this […]
Using ATT&CK in ThreatConnect to Prioritize, Ask Questions, and Respond Faster
We have exciting news: ThreatConnect now supports the MITRE ATT&CK Framework! What does this mean for our users? By applying Tags to Indicators and Groups, you’ll be able to classify your intelligence in ThreatConnect using the tactics and techniques of MITRE ATT&CK and, more importantly, derive meaningful conclusions to help you prioritize response and make […]
Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
ThreatConnect Research reviews phishing activity targeting Bellingcat researcher Christo Grozev and identifies a series of ProtonMail-spoofing domains most likely associated with attacks on Russia-focused researchers and journalists. On July 24th, Bellingcat shared a phishing email from July 23rd that unsuccessfully targeted Christo Grozev, a Bellingcat contributor who focuses on Russia-related security threats and weaponization […]
Playbook Fridays: CrowdStrike Snort Rules Ingest
This Playbook allows you — without writing code — to automate the ingestion of Snort rules into the ThreatConnect Platform. A customer needed a short-turnaround solution for bringing in CrowdStrike’s Snort Ruleset, and due to the relatively small dataset being worked with, Playbooks was the optimal solution. Without Playbooks, you would either have to manually […]
The IBM/Polarity integration is the 1-2-3 combo cyber security professionals have been looking for
In boxing, coaches and athletes alike perfect various moves for delivery in specific sequences. If executed properly, these sequences or “combinations” can help establish a superior position over an opponent. One such combination is known as the “1-2-3 Combo.” Polarity, in collaboration with IBM, is now empowering cyber security professionals with the equivalent of boxing’s […]