ThreatConnect and Palo Alto have delivered a new Playbook App for joint customers. This Playbook App will allow you to submit Files for sandbox analysis and retrieve analysis results. In addition to sandboxing, the app lets users retrieve enrichment information for Address, Host, URL, and File IOCs.
The following capabilities are available:
- Automated Malware Sandboxing
- As part of a security process, you can automatically send malware to your sandbox. Once sandboxed, you’ll get outputs in the form of C2 communications, file hashes, registry keys, and more. You can then use these outputs to inform detection and remediation processes in the rest of your security stack.
- As part of an investigation, you may come across a familiar file hash and want to see if you’ve seen it and sandboxed it before. You can use ThreatConnect to query Palo Alto Wildfire and retrieve this information as part of an enrichment process during a case or investigation.
The following actions are available:
- Analyze File
- Get File Enrichment
- Get Address Enrichment
- Get Host Enrichment
- Get URL Enrichment
- Get File Analysis Results
- Advanced Request
Together, ThreatConnect and Palo Alto help you to automate remediation tasks and protect your network from sophisticated attacks. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on using the Palo Alto Wildfire Playbook App. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at firstname.lastname@example.org.