ThreatConnect and Cylance: Better Endpoint Remediation

ThreatConnect has partnered with Blackberry Cylance, a leader in the Endpoint Detection and Response space, and built two Playbook Apps for our joint customers to leverage. With the addition of these new Playbook Apps, immediate actions can be taken to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence.

CylancePROTECT Playbook App

CylancePROTECT® is an AI-based endpoint security solution that prevents breaches and provides added controls for safeguarding against sophisticated threats. The CylancePROTECT Playbook App will allow you to immediately deploy new high-risk indicators from ThreatConnect to Cylance’s Global Block List anytime that a new threat is received. By automating this process, you ensure that high fidelity intelligence is being sent between the two solutions and that you and your team have all the information needed to make informed decisions. Additionally, your Security Operations and Incident Response teams will be able to automate investigative actions such as getting device information and take containment actions such as updating a device.

The following actions are now available:

  • Get Threat
  • Get Threats
  • Get Threat Devices
  • Get Threat Download URL
  • Get Global List
  • Add to Global List
  • Delete from Global List
  • Get Device
  • Get Devices
  • Get Device Threats
  • Update Device

A look at the CylancePROTECT Playbook App from within the ThreatConnect Platform

CylanceOPTICS Playbook App

CylanceOPTICS® pushes all detection and response decisions down to the endpoint, eliminating response latency that can mean the difference between a minor security event and a widespread, uncontrolled security incident. The CylanceOPTICS Playbook App allows you to download recent detections from CylanceOPTICs and run them against validated Threat Intelligence from ThreatConnect. If we find a match between the two, you can update the detection info with further context. Additionally, your Security Operations and Incident Response teams will be able to automate investigative actions such as retrieving a file from a device and take containment actions such as locking down a device.

The following actions are available:

  • Get Detections
  • Update Detection
  • Get Detection
  • Get Recent Detections
  • Get Detections CSV
  • Lockdown Device
  • Request File Retrieval from Device
  • Check File Retrieval Status from Device
  • Get Retrieved File Results

A look at the CylanceOPTICS Playbook App from within the ThreatConnect Platform


Together, ThreatConnect and Blackberry Cylance provide a complete solution for security teams that enables them to detect threats and perform remediation quickly and precisely by utilizing tools that communicate with each other.

If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on utilizing the Cylance Playbook Apps. If you’re not yet a customer and are interested in ThreatConnect, contact


About the Author
Jeff Quist

Jeff Quist, Product Marketing Manager at ThreatConnect, has 8 years of experience in Sales, Marketing, Product Management, and Product Marketing, mainly in technology and financial services. His professional experience and empathy for customers and partners help him to develop engaging marketing content and empower sales teams. Originally from Massachusetts, Jeff recently moved to Washington DC after spending 7 years in New York City. In his free time, Jeff enjoys sketching, reading Science Fiction novels, and supporting the Boston Bruins.