Read insights, thought leadership, and platform updates.
Playbook Fridays: Query Palo Alto Wildfire For New Submissions / Submit Wildfire Binary to VMRay
With these Playbooks, create the sharing and connection between two otherwise segmented products. These two Playbooks allow you to orchestrate the ability to retrieve files deemed malicious by Palo Alto Wildfire and submit them to VMRay for a full malware analysis. They bridge the gap between two malware analysis products, as well as create actionable threat […]
Playbook Fridays: Koodous Playbook Components
Today’s post features two Playbook Components designed to query Koodous. The Playbook Components are available on our GitHub repository here. The first component, named “[Koodous] Request APK Data.pbx”, takes the sha256 hash of a file as input and returns information for this file, if any exists, from Koodous. If you would like to test this […]
Using ATT&CK in ThreatConnect to Prioritize, Ask Questions, and Respond Faster
We have exciting news: ThreatConnect now supports the MITRE ATT&CK Framework! What does this mean for our users? By applying Tags to Indicators and Groups, you’ll be able to classify your intelligence in ThreatConnect using the tactics and techniques of MITRE ATT&CK and, more importantly, derive meaningful conclusions to help you prioritize response and make […]
Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
ThreatConnect Research reviews phishing activity targeting Bellingcat researcher Christo Grozev and identifies a series of ProtonMail-spoofing domains most likely associated with attacks on Russia-focused researchers and journalists. On July 24th, Bellingcat shared a phishing email from July 23rd that unsuccessfully targeted Christo Grozev, a Bellingcat contributor who focuses on Russia-related security threats and weaponization […]
Playbook Fridays: CrowdStrike Snort Rules Ingest
This Playbook allows you — without writing code — to automate the ingestion of Snort rules into the ThreatConnect Platform. A customer needed a short turnaround solution for bringing CrowdStrike’s Snort Ruleset, and due to the relatively small dataset being worked with, Playbooks was the optimal solution. Without Playbooks, you would either have to manually […]
The IBM/Polarity integration is the 1-2-3 combo cyber security professionals have been looking for
In boxing, coaches and athletes alike perfect various moves for delivery in specific sequences. If executed properly, these sequences or “combinations” can help establish a superior position over an opponent. One such combination is known as the “1-2-3 Combo.” Polarity, in collaboration with IBM, is now empowering cyber security professionals with the equivalent of boxing’s […]
Playbook Fridays: Indicator Status Updater Playbook Component
This Friday, we introduce a Playbook Component that allows you to change the status of an Indicator. An Indicator’s status classifies the Indicator as either active or inactive. An active status indicates that the Indicator should be treated as an indicator of compromise (IOC) at the current time. An inactive status lets you keep an […]
Good News! ThreatConnect’s CAL™ (Collective Analytics Layer) 2.1 is now live!
The new and improved CAL is now active in the ThreatConnect Platform! Have you heard of CAL? Yes, you have? Awesome! No, you haven’t? Well, to quickly explain, ThreatConnect’s CAL™ (Collective Analytics Layer) provides anonymized, crowdsourced intel about your threats and indicators. It leverages the collective insight of the thousands of analysts who use ThreatConnect […]
Orchestrate Actions Based on Automating Phishing Email Analysis
Set up phishing and feed mailboxes for automated ingestion of indicators and phishing emails. ThreatConnect allows users to set up phishing and feed mailboxes for automated ingestion of both indicators and phishing emails. These mailboxes can be set up to receive emails directly from network devices or receive the headers in the form of attachments. Upon ingestion […]
Latest Polarity Release
We are happy to announce our latest Polarity 3.1 client, Polarity Web 3.4 and Polarity 3.7 Server releases. This release includes some great new features and the official release of our Linux client. Check out the gifs below to learn more. Features in New Release. Linux Client: We now support Ubuntu 16 and 18, CentOS […]
May the Force (of Partnerships) Be With You
What the Rebels Taught Me About Building Alliances. To say that ThreatConnect has a “thing” for Star Wars would be putting it mildly. Whether it be our office decor, the names of our conference rooms, the themes of our t-shirts, or our blog posts, everything at ThreatConnect is viewed through certain Star Wars-colored lenses. As […]
Introducing ThreatConnect’s Version 5.8
Showcasing the Platform’s increased user flexibility for creating Playbooks and expanded options for in-Platform application (App) building. It’s here! Version 5.8 is here: ThreatConnect’s newest Platform features and functionality that we (humbly) think will heighten your experience. With these “ease-of-use” updates, we’re continuing to enhance your experience when it comes to the development, design, […]