Skip to main content
Download the Buyer’s Guide for Cyber Risk Quantification Solutions
Download Guide
Request a Demo

ThreatConnect and Cylance: Better Endpoint Remediation

ThreatConnect has partnered with Blackberry Cylance, a leader in the Endpoint Detection and Response space, and built two Playbook Apps for our joint customers to leverage. With the addition of these new Playbook Apps, immediate actions can be taken to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence.

CylancePROTECT Playbook App

CylancePROTECT® is an AI-based endpoint security solution that prevents breaches and provides added controls for safeguarding against sophisticated threats. The CylancePROTECT Playbook App will allow you to immediately deploy new high-risk indicators from ThreatConnect to Cylance’s Global Block List anytime that a new threat is received. By automating this process, you ensure that high fidelity intelligence is being sent between the two solutions and that you and your team have all the information needed to make informed decisions. Additionally, your Security Operations and Incident Response teams will be able to automate investigative actions such as getting device information and take containment actions such as updating a device.

The following actions are now available:

  • Get Threat
  • Get Threats
  • Get Threat Devices
  • Get Threat Download URL
  • Get Global List
  • Add to Global List
  • Delete from Global List
  • Get Device
  • Get Devices
  • Get Device Threats
  • Update Device

CylanceOPTICS Playbook App

CylanceOPTICS® pushes all detection and response decisions down to the endpoint, eliminating response latency that can mean the difference between a minor security event and a widespread, uncontrolled security incident. The CylanceOPTICS Playbook App allows you to download recent detections from CylanceOPTICs and run them against validated Threat Intelligence from ThreatConnect. If we find a match between the two, you can update the detection info with further context. Additionally, your Security Operations and Incident Response teams will be able to automate investigative actions such as retrieving a file from a device and take containment actions such as locking down a device.

The following actions are available:

  • Get Detections
  • Update Detection
  • Get Detection
  • Get Recent Detections
  • Get Detections CSV
  • Lockdown Device
  • Request File Retrieval from Device
  • Check File Retrieval Status from Device
  • Get Retrieved File Results

Together, ThreatConnect and Blackberry Cylance provide a complete solution for security teams that enables them to detect threats and perform remediation quickly and precisely by utilizing tools that communicate with each other.

If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on utilizing the Cylance Playbook Apps. If you’re not yet a customer and are interested in ThreatConnect, contact

About the Author


By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at