Every vulnerability tells a story—but when that story is scattered across a dozen different intelligence feeds, understanding the real threat becomes nearly impossible.
Consider the challenge: CVE-2023-23397 appears in your threat feeds with conflicting CVSS scores, fragmented timeline data, and intelligence buried across multiple sources. Your analysts burn hours manually connecting these dots while real threats go unaddressed. ThreatConnect 7.10 addresses this fundamental problem by delivering complete vulnerability context in unified views, enhanced search capabilities, and streamlined workflows that reduce intelligence fragmentation.
Let’s take a closer look at what’s new in 7.10 and how it transforms vulnerability intelligence from chaos into clarity.
🎯 Unified Vulnerability Intelligence: Because Context Shouldn’t Be Scattered
Here’s the reality: CVE-2023-23397 appears in your NIST feed, your commercial intelligence feed, and your internal analysis. Each source has different metadata, different context, and different timelines. Your analysts waste precious time manually correlating this fragmented intelligence—and often miss critical connections.
That changes with 7.10’s revolutionary Unified Vulnerability View.
With Unified Vulnerability View, you can see complete vulnerability context in one consolidated view, with real-time insights from every source.
Picture this:
- You’re investigating a critical Microsoft Outlook vulnerability that’s being actively exploited. Instead of checking three different vulnerability groups, you see severity scores, CVSS data, KEV status from CISA, and intelligence from every contributing feed—all on one screen.
- A vulnerability researcher tracking exploit development can instantly see which sources contributed intelligence, when scores changed, and how threat assessments evolved, without manually sifting through separate feeds.
- A SOC analyst can pull up any CVE and immediately know “This is on CISA’s Known Exploited Vulnerabilities list” or “CVSS score upgraded from 7.2 to 8.8 based on new intelligence” right at the top. That kind of consolidated context accelerates decision-making and reduces missed threats.
You can even drill down into individual sources while maintaining complete visibility into the unified picture, because we know that sometimes you need both the forest and the trees.
Intel Hub: Mapping TTPs to Real Financial Risk
This is the first true realization of our Intel Hub vision: bridging the gap between threat intelligence and business risk.
For years, cyber defense teams focused on questions like:
- “Is this technique common?”
- “Is this threat targeting my industry?”
- “How hard is it to defend against?”
But what they couldn’t see was how much financial damage these techniques might cause if they succeed.
That changes with TI Ops 7.10. Now, for the first time, you can:
- Instantly see which MITRE ATT&CK techniques pose the highest financial risk to your organization.
- Prioritize detection, hunting, and defense not just by frequency — but by potential business impact.
- Tie your security actions directly to financial outcomes that resonate with executives and boards.
This isn’t about theoretical scoring — it’s grounded in real data. Behind the scenes, our models leverage decades of historical cyber loss data, insurance claims, and financial reports to estimate how costly each TTP could be for organizations in your industry and size.
Supercharge it with RQ
The financial risk insights in TI Ops come from ThreatConnect Risk Quantifier (RQ), our dedicated cyber risk quantification engine. If you’re an RQ customer, you can go even further — customizing financial risk models based on your own revenue, business units, and specific controls. Together, TI Ops and RQ transform threat intel from technical data into business decision power.
This is the Intel Hub in action: connecting threat intelligence and financial risk to help security teams defend not just systems, but the business itself.
⚡ Query the Future—with Cross-Source TQL and Enhanced Search
This release enables better vulnerability intelligence consolidation, but the real goal is to accelerate analysis through unified querying. Previously, finding high-severity vulnerabilities across all your sources meant keeping track of the specific attribute types where that data was stored. Now you can query everything at once.
With 7.10’s enhanced TQL functionality, you can:
- Run hasCommonGroup(cvss_score_v3>7.0 OR cvss_score_v3_1>7.0 OR cvss_score_v4>7.0) and get results across ALL vulnerability sources
- Query hasCommonGroup(knownRansomwareCampaignUse="known") to find CISA-confirmed threats from any feed
- Use Advanced mode in the new Search / Browse interface to query for typeName in ("Vulnerability") and hasCommonGroup(id is NOT NULL) to see unified vulnerability groupings
Note that in the new Search / Browse interface, users must navigate to the “Search & Create” page, select “Groups”, and then switch to Advanced Search mode to run the TQL queries above.
Use Case: A CTI analyst investigating ProxyShell exploitation campaigns needs to understand CVE-2021-34473’s current threat landscape. Using Unified Vulnerability View, they instantly see: CVSS 3.1 score of 9.8 from NIST, KEV listing confirmation from CISA, active exploitation TTPs from commercial feeds, and internal incident correlations—all in one view. Previously, this intelligence correlation required checking 4-5 separate vulnerability groups and cross-referencing manually.
Meanwhile, a vulnerability researcher tracking zero-day disclosure patterns can query for recently published CVEs with CVSS >8.0, filter by affected vendor (Microsoft, Apache, etc.), and see real-time intelligence aggregation from government, commercial, and OSINT sources—enabling faster threat landscape assessment.
It’s comprehensive, unified, and built to make your next investigative step obvious.
🔍 Enhanced Search Experience: Upload, Query, Discover
Ever need to check the status of hundreds of indicators at once? Or run bulk vulnerability assessments across large datasets?
In 7.10, you can now upload files for bulk search operations—perfect for processing large indicator sets.
Plus, we’ve streamlined the entire search experience:
- Repositioned owner selectors right where you need them for faster source switching
- Enhanced context menus for Intel Requirements with direct follow/unfollow actions
- Improved UI navigation with consistent vertical menus across tools and automation
- Add unknown indicators to your org individually or in bulk directly from Search
Example: During a supply chain security assessment, an analyst receives 2,000 software component identifiers that need threat intelligence enrichment. Using 7.10’s bulk search functionality, they upload the complete list, instantly retrieve existing vulnerability mappings and threat scores, then export enriched results with full context for risk prioritization—transforming days of manual lookup into minutes of automated processing.
⚡ Real-Time Intelligence Updates: See Impact Immediately
Ever make critical edits to an indicator’s attributes, then wait (and wait) to see how it affects the threat assessment score? Those days are over.
In 7.10, you get on-demand ThreatAssess score recalculation—make an update, click recalculate, see the new score instantly. That means:
- No more waiting for a monitor to run
- Immediate feedback on your intelligence modifications
- Real-time validation of scoring changes
Plus, we’ve enhanced read-only user permissions so analysts can manage event statuses without requiring elevated access—better workflow for SOC teams with security-conscious permission structures.
🚀 From Intelligence to Action: Playbooks and Real-Time Analysis
Intelligence without action is just expensive data. That’s why 7.10 integrates seamlessly with ThreatConnect Playbooks, putting automated remediation and escalation workflows at your analysts’ fingertips. ThreatConnect’s vulnerability management apps can search for, retrieve, and prioritize vulnerabilities, while incident response and ticketing apps can create tickets in third-party systems like Jira, ServiceNow, or IBM Resilient.
And it all flows downstream to Polarity, ensuring your analysts have this enriched vulnerability context exactly when and where they need it. Polarity eliminates context switching across browser tabs and surfaces in-line insights wherever analysts work, integrating with SOAR tools and ticketing systems to take automated actions or initiate deeper investigations immediately.
Example: A SOC analyst investigating suspicious activity sees an unfamiliar hash in their security tool. Polarity instantly surfaces a unified vulnerability context from ThreatConnect—showing threat assessment scores, source information, and associated groups and indicators. From there, pre-configured playbooks can automatically trigger appropriate response workflows, turning investigation into immediate action.
🧭 Browse Improvements, Workflow Enhancements, and Quality-of-Life Upgrades
This release isn’t just about unified vulnerability intelligence. We’ve also added thoughtful improvements that make daily workflows smoother:
- Owner selector repositioning for faster source management
- Enhanced Intel Requirements context menus with right-click actions
- Updated navigation ensures consistency across tools and automation sections
- Improved read-only permissions for better event management workflows
- Dashboard enhancements make it easier to manage the dashboards you use daily
- New “My Pages” option lets you bookmark the pages you use most often
Plus: We’ve made behind-the-scenes improvements to search performance and query processing that will boost efficiency for high-volume vulnerability intelligence users.
TL;DR: Why 7.10 Matters
Vulnerability intelligence shouldn’t be fragmented. With ThreatConnect 7.10, you’re better equipped to:
✅ See complete vulnerability context in unified views across all sources
✅ Connect vulnerabilities to threat actor TTPs and financial business impact
✅ Query faster with enhanced search capabilities
✅ Trigger immediate response through integrated playbooks and workflows
✅ Deliver intelligence to analysts at the moment of decision via Polarity integration
✅ Process bulk data efficiently with bulk search file upload and improved workflows
✅ Get immediate feedback on intelligence modifications and scoring changes
In short, you’ll spend less time hunting for scattered vulnerability intelligence and more time acting on a unified, complete context.
This is the Intel Hub vision realized: complete vulnerability intelligence through Unified Vulnerability View, and immediate action.
👉 Ready to dive in?
For more insight, check out the full release notes, or better yet, schedule a demo today! Existing customers can also chat with their Customer Success Manager for a guided walkthrough—we’re here for you.
Here’s to faster, smarter, more unified vulnerability intelligence operations.