ThreatConnect has developed a new Playbook app for ThreatConnect and APIVoid customers. This app gives Threat Intel Analysts a powerful way to get reputation information on Host, URL, and Address IOCs. Additionally, you can retrieve a screenshot of the webpage served for a given Host or URL for use in reports, amongst other things. By automating this process, you can bring highly correlated data enrichment services together into one platform, saving time and increasing efficiency.
The following use cases are available:
- Aggregate Enrichment: Single Source of Truth
  - As part of a security process, you may want to aggregate available enrichment and analysis from various outside sources into one location – the ThreatConnect Platform. You will have a more holistic understanding of potential threats to make the most informed decision as part of your analytic, investigative, and remediation actions.
- Use Enrichment Service to Corroborate Alerts
  - As part of analysis, utilize information from APIVoid to aid and corroborate intelligence analysis or validate security alerts’ accuracy and severity. By verifying this information, you can confidently make informed decisions instantly.
- Perform All-Source Analysis
  - As part of an analysis, corroborate or dispute the output from APIVoid and others to perform an all-source analysis, which involves analyzing threat information from multiple sources. Because operations feed intelligence in a continuous loop, your Security Operations Center (SOC) and Incident Response (IR) teams can leverage the Threat Intelligence team’s work during their investigations.
The following actions are available for this Playbook app:
- Get IP Reputation
- Get Host Reputation
- Get URL Reputation
- Get Screenshot
- Advanced Request
Together, ThreatConnect and APIVoid help security teams to get important reputation information and screenshots when working through an investigation. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on deploying the APIVoid Playbook app. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at email@example.com.