
Playbook Fridays: Converting your IOCs to CSVs

Welcome to ThreatConnect’s Playbook Fridays! We will continually publish posts featuring Playbooks (and sometimes Dashboards!) that can be built in the Platform.

ThreatConnect developed the Playbooks capability to help analysts automate time-consuming and repetitive tasks so they can focus on what is most important and, in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention. Below is our latest post:

One of the most common questions we receive in Customer Success is how to create an automated feed of indicators of compromise (IOCs). Because of the Platform's extensible nature, there are many ways to do this. Today's focus, however, is on two ways of creating these automatic feeds. Whether you want to integrate ThreatConnect with your network devices or simply need a recurring CSV report of specific indicators, this video will help guide you through two of the main ways to convert your threat intel into useful data.


Download the Playbook demonstrated in this video, here.

View the video in Spanish:

For more training resources, visit our Learning Portal at

About the Author


By operationalizing threat and cyber risk intelligence, the ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at