ThreatConnect is pleased to deliver a Playbook App for joint customers to leverage AT&T AlienLabs OTX. With this app, you can query Alien Labs OTX for enrichment information on various indicators of compromise (IOC) types. By automating this process, you bring relevant, timely, and accurate threat intelligence into ThreatConnect and use it to make better, more informed decisions.
The following use cases are now enabled with this app:
- Aggregate Enrichment: As part of a security process, you may want to aggregate available enrichment and analysis from various outside sources into one location (The ThreatConnect Platform). You will have a more holistic understanding of potential threats to make the most informed decisions as part of your analytic, investigative, and remediation actions.
- Corroborate Alerts: As part of an analysis process, you can use information from AlienLabs OTX to aid and corroborate intelligence analysis or validate the accuracy and severity of security alerts. By corroborating this information, you can feel confident to make informed decisions.
- Perform All-Source Analysis: As part of an analysis process, corroborate or dispute the output from other tools and services to perform an all-source analysis, which involves analyzing threat information from multiple sources. Because operations feed intelligence in a continuous loop, your Security Operations Center (SOC) and Incident Response (IR) teams can leverage the work from the Threat Intelligence team during the course of their investigations.
The following actions are available:
- Get Address Enrichment
- Get URL Enrichment
- Get Host Enrichment
- Get Address Related Malware
- Get Host Related Malware
- Get Address Related URLs
- Advanced Request
The integration with AlienLabs OTX helps ThreatConnect users to automatically query enrichment data so they can use that data as part of a security process. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on leveraging the AT&T AlienLabs OTX Playbook App. If you’re not yet a customer and are interested in ThreatConnect, contact firstname.lastname@example.org.