Integrations

The ThreatConnect® Platform was built to be open and extensible. We strive to integrate with the tools and technologies in our customers’ existing ecosystem, and work with vendors across every category to make security easy and effective.

Product | Product Category | Company
Fortinet FortiSIEM SIEM
Fortinet

In FortiSIEM 5.2.4, users can download IOCs from ThreatConnect and receive alerts on matches in logs. Since ThreatConnect aggregates threat feeds from multiple sources, large numbers of automatically downloaded IOCs can cause false positives, increase processing needs, and fill storage.

This release also enables the user to mark a ThreatConnect IOC as a false positive. This action can be taken when an incident is triggered by a match on a ThreatConnect IOC and the user determines that it is a false positive.

This is a Partner Built & Supported integration.

OPSWAT MetaDefender Cloud Enrichment & Analysis
OPSWAT

These Components allow users to retrieve enrichment information from OPSWAT MetaDefender Cloud. All available information returned from MetaDefender is parsed out and exposed as output variables in addition to the raw JSON API response.

Actions available in these Components are:

  • Get OPSWAT MetaDefender Cloud File Enrichment
  • Get OPSWAT MetaDefender Cloud File Scan History
  • Scan File with OPSWAT MetaDefender Cloud

These apps are Playbooks-only supported Components.

Joe Sandbox Malware Analysis
Joe Security
This app contains multiple actions for analyzing files and URLs as well as retrieving the results in various formats. In addition, this app returns the MITRE ATT&CK data from Joe Sandbox in the ThreatConnect tag format as an output variable, adding instant value when the results are saved in ThreatConnect and associated across the ATT&CK framework.

Actions available in this app include:

  • Analyze File – Submit a binary file for analysis
  • Analyze URL – Submit a URL for analysis
  • Get Info – Get the raw and parsed Report details from a previous analysis
  • Get Download – Download the analysis Report in HTML, JSON, or PDF format. Also, download the sample binary.
Bandura Cyber Threat Intelligence Gateway (TIG) Network Security
Bandura Cyber
The Bandura Cyber Threat Intelligence Gateway (TIG) is purpose-built to filter network traffic using massive volumes of third-party threat intelligence indicators. The Bandura Cyber ThreatConnect plug-in enables the Bandura Cyber TIG to automatically ingest, detect, and block malicious IP and domain indicators from the ThreatConnect Platform. The Bandura Cyber TIG enables ThreatConnect customers to detect and block threats on the network in an easier, more scalable, and automated way than can be done using existing network security controls like Next Generation Firewalls.
Microsoft Windows Remote Management Enrichment & Analysis
Microsoft
This integration allows users to run commands, PowerShell commands, and remote PowerShell scripts, leveraging the WinRM protocol from ThreatConnect Playbooks.

Some examples include:

  • Execute an IR PowerShell script for collecting logs and artifacts from an endpoint under investigation
  • Terminate a running process on a host
  • List running processes or open network connections on a host
  • Shut down or restart a host
  • Get a file from a host for further analysis
This is a Playbooks-only enabled integration.
Flashpoint Technical Indicators Threat Intelligence
Flashpoint

ThreatConnect’s Flashpoint integration now includes Flashpoint’s Technical Indicators along with support for MITRE ATT&CK tags. With this latest release, joint customers will see Incidents and actionable Indicators associated with Reports in ThreatConnect, along with helpful context such as MITRE ATT&CK tags and scoring.

AlienVault ThreatCrowd Enrichment & Analysis
AlienVault
This Playbooks Component allows the user to retrieve enrichment information from ThreatCrowd for a given IP Address, Domain, Email Address, or File Hash. The API response is parsed and all values are exposed as output variables. Additionally, the raw JSON API response is exposed as an output variable.
This is a Playbooks-only enabled app.
AlienVault OTX Enrichment & Analysis
AlienVault

This Playbooks Component allows a user to retrieve enrichment information from AlienVault OTX for a given indicator. The raw JSON response is returned as well as the number of related Pulses along with their names and IDs.

This is a Playbooks-only enabled app.

Censys.io Enrichment & Analysis
Censys

This integration with Censys.io is a series of Playbooks Components that allow users to Create Censys Search and Get Censys Enrichment.

This is a Playbooks-only enabled app.

GreyNoise.io Enterprise Enrichment & Analysis
GreyNoise

This integration with GreyNoise.io Enterprise is a series of Playbooks Enrichment Components that allow users to Create GreyNoise GNQL Query and Get GreyNoise Enterprise Enrichment.

This is a Playbooks-only enabled app.

Microsoft Azure Directory IT Infrastructure
Microsoft
This integration with Microsoft Azure Directory is a series of Playbooks Components that allow users to disable and enable Azure Active Directory Users via Microsoft’s Graph API. An additional Playbooks Component allows users to retrieve the details for a given Azure Active Directory User via Microsoft’s Graph API.
This is a Playbooks-only enabled app.
Microsoft Windows Defender ATP Enrichment & Analysis
Microsoft

This ThreatConnect Playbooks app allows Playbook users to list, add, update and remove indicators on WD ATP for alerting and blocking purposes.

This is a Playbooks-only enabled app.

Microsoft Graph Security API IT Infrastructure
Microsoft

This Microsoft Graph Security app enables ThreatConnect Playbook users to perform Get, Create, Update and Delete actions against the Graph Security TI API. This API is currently consumed by Microsoft Sentinel for alerting and monitoring.

This app requires v5.8 of ThreatConnect and is a Playbooks-only enabled app.

RiskIQ Enrichment & Analysis
RiskIQ

This integration is a series of Components that allow users to submit a URL to RiskIQ’s Landing Page API endpoint as well as allow a user to create an event in RiskIQ’s Platform.

Exabeam Data Lake Enrichment & Analysis
Exabeam

This app is designed to allow you to query Address or Host IOCs in Exabeam’s Data Lake for matched events. This is useful when you would like to see if a particular IOC has been active in your environment.

This integration was built and is supported by Exabeam.

Secureworks Attacker Database Threat Intelligence
Secureworks

Secureworks (NASDAQ: SCWX) is a leading global cybersecurity company that keeps organizations safe in a digitally connected world. We combine visibility from thousands of clients, artificial intelligence and automation from our industry-leading Secureworks Counter Threat Platform, and actionable insights from our team of elite researchers and analysts to create a powerful network effect that provides increasingly strong protection for our clients. By aggregating and analyzing data from any source, anywhere, we prevent security breaches, detect malicious activity in real time, respond rapidly, and predict emerging threats. We offer our clients a cyber-defense that is Collectively Smarter. Exponentially Safer.

Slack Incident Response & Ticketing
Slack

With this integration, users have the ability to send customizable messages and attachments to Slack via ThreatConnect.

This is a Playbooks-enabled integration.

Accenture iDefense IntelGraph Threat Intelligence
Accenture

The Accenture iDefense® IntelGraph integration with ThreatConnect® allows customers to ingest the IntelGraph feed into ThreatConnect for analysis and response actions. The integration downloads the 21 Fundamentals, as well as Intel Alerts and Intel Reports, into ThreatConnect.

Booz Allen Hamilton Cyber4Sight Threat Intelligence
Booz Allen Hamilton

Cyber4Sight® delivers customers the comfort of knowing that our comprehensive and context-rich threat intelligence enables them with everything they need to prioritize strategic security decisions and to detect, understand, and mitigate risks.

With Cyber4Sight, you have the tools to react more swiftly to the biggest threats, better anticipate emerging ones, improve your decision-making and resource allocation, help you decrease risk, and better protect your enterprise. To learn more, visit https://www.boozallen.com/s/product/cyber4sight.html.

BAE Systems Threat Intelligence Threat Intelligence
BAE Systems

The ThreatConnect® integration with BAE Systems Threat Intelligence® enables ThreatConnect customers to import Events and Attributes from the BAE MISP instance into ThreatConnect as Incidents and Indicators (Address, Host, Email Address, URL, CIDR, File, ASN, and User Agent), respectively.

Jira Software Incident Response & Ticketing
Atlassian

The Jira playbook app accepts any supported data type as input, along with a customizable key/value pair configuration, and will create Jira issues with the configured information. For more information about Jira, please visit https://www.atlassian.com/software/jira.

This is a Playbooks-enabled integration.

Carbon Black Cb Response Endpoint Detection & Response
Carbon Black

Cb Response is an industry-leading incident response and threat hunting solution designed for security operations center (SOC) teams. Cb Response continuously records and stores unfiltered endpoint data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain. It leverages the Cb Predictive Security Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of record for evidence and detection of these identified threats and patterns of behavior.

RH-ISAC Threat Intelligence
RH-ISAC

The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) is the cybersecurity community for all retailers and commercial services entities, connecting all aspects of consumer products, goods, and services industries throughout the ecosystem and supply chain. Forming a trusted arena for the sharing of critical strategic and tactical information between members and industry partners across the globe for the purpose of collaborative and innovative problem solving, the RH-ISAC is the information sharing source for cybersecurity risk management.

Recorded Future Enrichment & Analysis
Recorded Future

The Recorded Future Enrichment playbook app will accept address and host indicators and will query the Recorded Future Cyber API for enrichment. Returned data is passed to downstream playbook components in the form of output variables.

Recorded Future Risk List Threat Intelligence
Recorded Future

Recorded Future arms security teams with the only complete threat intelligence solution powered by patented machine learning to lower cyber risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources and provides invaluable context in real time and packaged for human analysis or integration with security technologies.

This Recorded Future Risk List integration takes advantage of new API endpoints and ingests the IP, Domain and Hash Risk Lists from Recorded Future into ThreatConnect as a source called “Recorded Future Risk List”. For more information, visit https://www.recordedfuture.com/.

Qualys Vulnerability Management
Qualys

The Qualys Vulnerability Management integration compares CVE tags from sources in ThreatConnect and matches against Qualys scan results. Any matching unpatched vulnerabilities found within Qualys are associated with relevant intel in ThreatConnect. Additionally, tasks can be automatically created with necessary details for further action to be taken.

To learn more about Qualys, visit https://www.qualys.com/suite/vulnerability-management/.

Palo Alto Networks Wildfire Malware Analysis
Palo Alto Networks

This integration with Palo Alto Wildfire is available as a series of Playbook Apps and Templates.

With the Playbooks Apps and Templates, users are automatically able to take the following actions:

For more information about Palo Alto Wildfire, please visit: https://www.paloaltonetworks.com/products/secure-the-network/wildfire/.

This is a Playbooks-enabled integration.

ReversingLabs A1000 Malware Analysis
ReversingLabs

The A1000 Malware Analysis Platform supports advanced hunting and investigations through the TitaniumCore high-speed automated static analysis engine. It is integrated with file reputation services to provide in-depth rich context and threat classification on over 8 billion files and across all file types. The A1000 supports visualization, APIs for integration with automated workflows, a dedicated database for malware search, global and local YARA Rules matching, as well as integration with 3rd party sandbox tools.

This is a Playbooks-enabled integration.

ReversingLabs TiCloud Malware Analysis
ReversingLabs

ReversingLabs’ TitaniumCloud Reputation Services are powerful threat intelligence solutions with up-to-date, threat classification and rich context on over 8 billion goodware and malware files. ReversingLabs does not depend on crowd-sourced collection but instead curates the harvesting of files from software vendors and diverse malware sources. All files are processed using unique ReversingLabs File Decomposition Technology, combined with other dynamic and detection information to provide industry reputation consensus. TitaniumCloud supports a powerful set of REST API query and feed functions that deliver targeted file and malware intelligence for threat identification, analysis, intelligence development and hunting.

This is a Playbooks-enabled integration.

RSA Archer Incident Response & Ticketing
RSA

This integration with RSA Archer is a series of Playbooks Apps and Templates. With these Playbooks, RSA Archer users can automatically take the following actions:

For more information about RSA Archer, please visit: https://www.rsa.com/en-us/products/integrated-risk-management/archer-platform.

This is a Playbooks-enabled integration.

Palo Alto Networks NGFW Network Security
Palo Alto Networks

Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide. Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, Palo Alto Networks’ game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organization’s most valuable assets.

Find out more at www.paloaltonetworks.com.

Symantec Deepsight Threat Intelligence
Symantec

Symantec Corporation (NASDAQ: SYMC) is the global leader in cybersecurity. Operating one of the world’s largest cyber intelligence networks, we see more threats, and protect more customers from the next generation of attacks. We help companies, governments and individuals secure their most important data wherever it lives.

Symantec’s DeepSight Intelligence arms security teams with actionable insights that provide a deeper understanding of the threat landscape so companies can better anticipate and mitigate cybersecurity risk.

For more information, visit: https://www.symantec.com/services/cyber-security-services/deepsight-intelligence.

Tanium Connect Endpoint Detection & Response
Tanium

The Tanium™ Connect™ Reputation Blacklist integration for ThreatConnect® enables the upload of File hashes in ThreatConnect to the Reputation Blacklist in Tanium Connect.

Tanium Detect Endpoint Detection & Response
Tanium

The Tanium™ Detect™ integration for ThreatConnect® enables the exchange of Indicators between ThreatConnect and Tanium Detect version 3 or newer, providing real-time assessment of IOCs against enterprise endpoints, regardless of scale.

MISP Threat Intelligence
MISP

This MISP Import app integration enables ThreatConnect customers to run a scheduled import of MISP Events and Attributes into ThreatConnect as Incidents and Indicators (Address, Host, Email Address, and File), respectively.

McAfee ESM SIEM
McAfee

McAfee Enterprise Security Manager is a security information and event management (SIEM) solution that delivers actionable intelligence and integrations to prioritize, investigate, and respond to threats.

McAfee ATD Malware Analysis
McAfee

McAfee Advanced Threat Defense enhances protection from network edge to endpoint and enables investigation.

This is a Playbooks-enabled integration.

Maltego Enrichment & Analysis
Paterva

Maltego is a visual link analysis tool that, out of the box, comes with open source intelligence (OSINT) plugins called transforms. The tool offers real-time data mining and information gathering as well as the representation of this information on a node-based graph, making patterns and multiple-order connections between said information easily identifiable.

Lastline Analyst Malware Analysis
Lastline

Lastline Analyst™ provides your threat analysts and incident response teams with the advanced malware inspection and isolation environment they need to safely execute advanced malware samples and understand their behavior.

This integration allows users to identify threats and act on their threat intelligence by integrating Lastline technology with the ThreatConnect Threat Intelligence Platform.

This is a Playbooks-enabled integration.

King & Union Avalon Enrichment & Analysis
King & Union

King & Union is outsmarting cyber adversaries by uniting security professionals and amplifying the power of the cybersecurity analyst. The company’s flagship product, Avalon, is a threat analytics platform built with collaboration at its core. Avalon provides a dynamic workspace where security operators and analysts can lean in, cut through the noise, and reduce the time to address threats from hours to minutes. The platform provides access to exclusive data sources, automates repetitive workflows, and leverages real-time collaboration to deliver unparalleled insight and full context based on facts.

Learn more: www.kingandunion.com.

This integration was built and is supported by King & Union.

Intel 471 Threat Intelligence
Intel 471

Intel 471 provides an actor-centric intelligence collection capability for their customers. Their intelligence collection focuses on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber attacks. Intel 471 is active in places where entry is highly guarded, such as underground marketplaces and chat rooms. The team is comprised of skilled and experienced professionals from intelligence services, military, law enforcement and private threat intelligence companies.

The mission of Intel 471 is to protect your organization, your products, your assets and your people. http://www.intel471.com/.

IBM X-Force Enrichment & Analysis
IBM

IBM X-Force produces many thought leadership security research assets to help customers, fellow researchers and the public at large better understand the latest security risks, and stay ahead of emerging threats.

This is a Playbooks-enabled integration.

IBM QRadar SIEM
IBM

IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise, and it provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. By consolidating log events and network flow data from thousands of devices, endpoints and applications distributed throughout your network, QRadar correlates all this different information and aggregates related events into single alerts to accelerate incident analysis and remediation. QRadar SIEM is available on premises and in a cloud environment.

Flashpoint Risk Intelligence Observables Threat Intelligence
Flashpoint

Flashpoint illuminates the Deep and Dark Web. A pioneer in providing intelligence from these regions of the Internet, Flashpoint’s software and data services help companies, governments, and consumers enhance their cyber and physical security. The company’s unique blend of subject matter expertise and software engineering has changed the way meaningful and actionable intelligence is gleaned from the previously unmapped regions of the Internet.

For more information please go to: www.flashpoint-intel.com.

FireEye Threat Intelligence Threat Intelligence
FireEye

FireEye Threat Intelligence is forward-looking threat intelligence with highly contextual analysis. FireEye Threat Intelligence is unique in the industry, with more than 150 FireEye security researchers and experts around the globe applying decades of experience to gathering forward-looking, high-fidelity, adversary-focused intelligence. With an unmatched view into adversaries, victims and networks worldwide, FireEye Threat Intelligence delivers visibility across the extended cyber-attack lifecycle to all levels of your business.

FireEye Helix Incident Response & Ticketing
FireEye

FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix.

This is a Playbooks-enabled integration.

Fidelis Cybersecurity Network Network Security
Fidelis Cybersecurity

ThreatConnect® and Fidelis Cybersecurity have partnered to provide users with ThreatConnect intelligence for use within Fidelis Network™. This integration allows automatic synchronization of ThreatConnect indicators to Fidelis Network, enabling users to easily – and quickly – investigate current and historic network activity for the latest threats.

Farsight Security DNSDB Enrichment & Analysis
Farsight Security

Farsight offers the most comprehensive, searchable database of passive DNS record information for investigations and research. Security analysts, fraud investigators, Security Operations Center (SOC) and Incident Response (IR) teams use Farsight to investigate incidents and cybercrime, protect their assets and monitor online activity. Leveraging its superior telemetry data collection and processing capabilities, Farsight provides its clients with cloud-based, real-time network observability and reporting solutions.

Farsight also provides cyber situational awareness that helps organizations protect against attacks and know the unknowns, in the form of newly observed domains, and guard against loss of brand and reputational integrity. For further information, please visit www.farsightsecurity.com.

Dragos Worldview Threat Intelligence
Dragos

Dragos WorldView™ threat intelligence feeds, alerts, reports, and briefings focus on Industrial Control Systems (ICS) threat intelligence, providing information and context that identify the malicious actors and activity targeting industrial control networks globally. The ThreatConnect® integration with Dragos WorldView allows ThreatConnect users to import Reports and Indicators, along with all of their context, from the Dragos WorldView API into ThreatConnect.

Dragos Platform Network Security
Dragos

Dragos Security develops tools to enable the Industrial Control System and IT community, focusing on ICS and IoT cyber situational awareness. Dragos and ThreatConnect are partnering to combine threat intelligence with network collection, aggregation and analytics to provide customers with a real-time, relevant, and actionable feed of cyber events in ICS environments.

This integration is built and supported by Dragos. For questions about the integration, contact Dragos support. For more information about Dragos, please visit https://dragos.com/.

DomainTools Enrichment & Analysis
DomainTools

DomainTools offers the most comprehensive searchable database of domain name registration, Whois records and hosting data for online investigations and research. Cyber security analysts, fraud investigators, domain professionals and marketers use DomainTools to investigate cybercrime, protect their assets and monitor online activity. DomainTools has 12 years of history on domain name ownership, Whois records, hosting data, screenshots and other DNS records. That’s why customers say, “Every online investigation starts with DomainTools.” DomainTools customers include many Fortune 1000 companies, leading vendors in the Security and Threat Intelligence community and most crime-fighting government agencies. Individual users can start with an online Free Trial available at www.domaintools.com.

Enterprise accounts are available from www.domaintools.com/about/contact-us.

Crowdstrike Falcon Intelligence Threat Intelligence
Crowdstrike

The global CrowdStrike Falcon Intelligence™ team tracks adversaries of all types — nation-state, criminal, hacktivist — to provide the customized and actionable intelligence you need to stay ahead of disruptive threat actors targeting your organization.

Crowdstrike Falcon Host Endpoint Detection & Response
Crowdstrike

CrowdStrike is the leader in next-generation endpoint protection, threat intelligence and response services. CrowdStrike’s core technology, the CrowdStrike Falcon™ platform, stops breaches by preventing and responding to all types of attacks – both malware and malware-free. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify three crucial elements: next-generation antivirus, endpoint detection and response (EDR), and a 24/7 managed hunting service — uniquely delivered via the cloud in a single lightweight sensor. Falcon uses the patent-pending CrowdStrike Threat Graph™ to analyze and correlate billions of events in real time, providing complete protection and five-second visibility across all endpoints. The company leads threat prevention with its potent combination of signature-less machine learning and behavioral-based analytics.

Cofense Intelligence Threat Intelligence
Cofense

Cofense, formerly PhishMe, is the leading provider of human-driven phishing defense solutions worldwide. We deliver a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines best-in class incident response technologies with timely attack intelligence sourced from employees. Cofense solutions quickly mitigate the impacts from spear phishing, ransomware, malware, and business email compromise.

For more information about Cofense, please visit https://cofense.com/.

This integration was built and is supported by Cofense.

Cisco Umbrella Investigate Enrichment & Analysis
Cisco

Cisco Umbrella Investigate provides the most complete view of the relationships and evolution of Internet domains, IP addresses, and autonomous systems to pinpoint attackers’ infrastructures and predict future threats.

Cisco Umbrella Network Security
Cisco

The Cisco Umbrella integration allows Host and URL Indicators in ThreatConnect to be added and removed from the Cisco Umbrella Platform over the Cisco Umbrella Enforcement API.

Cisco Threat Grid Malware Analysis
Cisco

Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware. With a robust, context-rich malware knowledge base, you will understand what malware is doing, or attempting to do, how large a threat it poses, and how to defend against it.

This is a Playbooks-enabled integration.

Cisco Firepower Management Center Network Security
Cisco

Cisco Firepower Management Center is your administrative nerve center for managing critical Cisco network security solutions. It provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Easily go from managing a firewall to controlling applications to investigating and remediating malware outbreaks.

Centripetal Networks Network Security
Centripetal Networks

Centripetal Networks Inc. is a cyber-security solutions provider specializing in Real-Time Active Network Defense. Centripetal has achieved several breakthroughs in the scale and speed of network protection. Centripetal’s RuleGate® product is the first and only system able to action threat indicators at scale, at full line-rate speed, and with agility. Threat intelligence can now directly drive an active cyber defense without negatively impacting network performance or user experience. Centripetal’s offering includes the RuleGate®, a unique ultra-high-performance network appliance; QuickThreat™, the industry’s first real-time threat visualization and analytics platform; and the Advanced Cyber Threat (ACT) service. Please visit www.centripetalnetworks.com.

This integration was built and is supported by Centripetal Networks.

BluVector Cortex Network Security
BluVector

BluVector is empowering security teams to get answers about real threats. Our next generation IDS is transforming how security teams gain situational awareness, detect, triage and respond to security events. To learn more, visit us at https://www.bluvector.io.

This integration was built and is supported by BluVector.

Attivo Networks ThreatMatrix Deception
Attivo Networks

Attivo Networks® is an award-winning leader in deception-based threat detection. The Attivo ThreatMatrix™ platform provides in-network threat detection and continuous response using dynamically deployed deceptions, attack and attack path analysis, and automations for accelerated incident handling.

This integration was built and is supported by Attivo Networks.

ArcSight ESM SIEM
Micro Focus

Micro Focus helps organizations run and transform their business through digital transformation. Our software provides the critical tools they need to build, operate, secure, and analyze their enterprise. By design, these tools bridge the gap between existing and emerging technologies, enabling faster innovation, with less risk, in the race to digital transformation.

Zerofox Threat Intelligence
Zerofox
ZeroFOX, the social media & digital security category leader, protects modern organizations from dynamic security, brand and physical risks across social, mobile, web and collaboration platforms. Using diverse data sources and artificial intelligence-based analysis, ZeroFOX protects modern organizations from targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. Recognized as a Leader in Digital Risk Protection by Forrester, the patented ZeroFOX SaaS platform processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains and more.
To find out more information about ZeroFOX or to join our team, please visit: https://www.zerofox.com.
Securonix SIEM
Securonix
Securonix is redefining the next generation of cyber-threat detection using the power of machine learning and big data. Our purpose-built security analytics solution uses machine learning to track and create baselines of user, account, and system behavior and detects the most advanced insider threats, cyber threats, and fraud activities in real time. Securonix extends threat detection with threat-hunting and automated incident response. SOC analysts can hunt across data sources, and respond with pre-built, automated playbooks. Globally, customers use Securonix to address their insider threat, cyber threat, cloud security, fraud, and application security monitoring requirements.
For more information, please visit: https://www.securonix.com/.
This integration was built and is supported by Securonix.
Siemplify Orchestration
Siemplify

Siemplify provides a holistic Security Operations Platform that empowers security analysts to work smarter and respond faster. It uniquely combines security orchestration and automation with patented contextual investigation and case management to deliver intuitive, consistent and measurable security operations processes. By utilizing Siemplify with ThreatConnect, security teams are able to seamlessly integrate threat intelligence in security playbooks, enabling them to easily prioritize their workload, quickly understand intelligence-driven context, and provide feedback to ThreatConnect in order to fine-tune and enhance the accuracy of their intelligence. Learn more at https://www.siemplify.co/. This integration was built and is supported by Siemplify.

Kaspersky Threat Intelligence
Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

This integration was built and is supported by Kaspersky.

IBM Resilient Incident Response & Ticketing
IBM

IBM Resilient Incident Response Platform (IRP) is the leading platform for orchestrating and automating incident response processes. IBM Resilient IRP quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats.

The latest innovation to IBM Resilient IRP, Dynamic Playbooks, provides the agility, intelligence, and sophistication needed to contend with complex attacks.

This is a Playbooks-enabled integration.

DF Labs Incident Response & Ticketing
DF Labs

The integration will allow the DFLabs and ThreatConnect platforms to dynamically exchange data, providing customers with increased visibility to threats and the ability to effectively respond to incidents. With this integration, users will also be able to quickly integrate DFLabs’ IncMan™ with ThreatConnect and execute automated and semi-automated actions, from triage to enrichment, to remediation.

This integration is built and supported by DFLabs. For questions about the integration, please contact DFLabs support. For more information about DFLabs, visit https://www.dflabs.com/.

LogRhythm SIEM
LogRhythm

ThreatConnect® and LogRhythm® have partnered to enable users to detect and act on ThreatConnect intelligence in LogRhythm SIEM. With this integration, users are able to aggregate their internal logs and combine them with validated threat intelligence. This allows them to easily spot trends or patterns that are out of the ordinary and act on them efficiently.

For more information about LogRhythm, please visit https://logrhythm.com/.

RSA NetWitness Incident Response & Ticketing
RSA

ThreatConnect is a software platform that unites your entire security team, your partners, and your industry peers together behind a cohesive, intelligence-driven defense. Working together in ThreatConnect, everyone benefits from the collective talents and knowledge of the group. By making ThreatConnect intelligence data available in RSA Security Analytics, you’re able to build processes to identify the most relevant threats, proactively protect your network, and quickly respond to incidents in a measurable way.

For more information, please visit: www.community.rsa.com.

Flashpoint Intelligence Reports Threat Intelligence
Flashpoint

Flashpoint illuminates the Deep and Dark Web. A pioneer in providing intelligence from these regions of the Internet, Flashpoint’s software and data services help companies, governments, and consumers enhance their cyber and physical security. The company’s unique blend of subject matter expertise and software engineering has changed the way meaningful and actionable intelligence is gleaned from the previously unmapped regions of the Internet.

For more information please go to: www.flashpoint-intel.com.

Digital Shadows Searchlight Threat Intelligence
Digital Shadows

Digital Shadows provides cyber situational awareness that helps organizations protect against cyber attacks, loss of intellectual property, and loss of brand and reputational integrity. Its flagship solution, Digital Shadows SearchLight™, is a scalable and easy-to-use data analysis platform that provides a holistic view of an organization’s digital footprint and the profile of its attackers. It is complemented with security analyst expertise to ensure extensive coverage, tailored intelligence and frictionless deployment. SearchLight continually monitors more than 100 million data sources in 27 languages across the visible, deep and dark web and other online sources to create an up-to-the minute view of an organization and the risks requiring mitigation. The company is jointly headquartered in London and San Francisco.

For more information, visit www.digitalshadows.com.

VMRay Analyzer Malware Analysis
VMRay

VMRay Analyzer’s hypervisor-based malware analysis offers best-in-class threat detection and mitigation capabilities. Its revolutionary 3rd generation technology analyzes any piece of malware, including the newest and most dangerous threats like 64-bit rootkits, quickly and reliably. And, unlike traditional malware analysis systems, VMRay Analyzer cannot be evaded. This is the only way to defend against today’s rapidly evolving threat landscape. Sophisticated analyses are generated at multiple abstraction levels and can easily be utilized by forensic specialists, non-security experts as well as business executives. Full Visibility. High Performance. Evasion-Proof.

Please visit www.vmray.com for more information.

This is a Playbooks-enabled integration.

Tenable.sc Vulnerability Management
Tenable

Tenable Network Security, the leader in real-time vulnerability management, is relied upon by more than 17,000 organizations in over 100 countries, including the entire U.S. Department of Defense and many of the world’s largest companies and governments, to stay ahead of emerging vulnerabilities, threats and compliance-related risks. Its Nessus and SecurityCenter solutions continue to set the standard for identifying vulnerabilities, preventing attacks and complying with a multitude of regulatory requirements.

For more information, please visit www.tenable.com.

Splunk SIEM
Splunk

Splunk Inc. (NASDAQ: SPLK) provides the leading software platform for real-time Operational Intelligence. Splunk® software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. More than 8,400 enterprises, government agencies, universities and service providers in more than 100 countries use Splunk software to deepen business and customer understanding, mitigate cybersecurity risk, prevent fraud, improve service performance and reduce cost. Splunk products include Splunk® Enterprise, Splunk Cloud™, Hunk®, Splunk MINT Express™ and premium Splunk Apps. To learn more, please visit http://www.splunk.com/company.
