Playbook Fridays: Converting your IOCs to CSVs

Welcome to ThreatConnect’s Playbook Fridays! We will continually publish posts featuring Playbooks (and sometimes Dashboards!) that can be built in the Platform.

ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. And in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention. Below is our latest post:

One of the most common questions we receive in Customer Success is how can we create an automated feed of indicators of compromise (IOCs)? Because of it’s extensible nature, there are many ways to do this within the Platform. However today’s focus is on two ways of creating these automatic feeds. Whether you want to integrate ThreatConnect with your network devices, or simply need a recurring csv report of specific indicators, this video will help guide you through two of the main ways you can use to convert your threat intel into useful data.

Download the Playbook demonstrated in this video, here.

View the video in Spanish:

For more more training resources, visit our Learning Portal at

About the Author

ThreatConnect is the only security platform with comprehensive intelligence, analytics, automation, orchestration, and workflow capabilities native within a single solution. With ThreatConnect, you will be able to increase accuracy and efficiency, improve collaboration of teams and technology, strengthen business-security goal alignment, and build a single source of truth for your entire security team.