Flashpoint

The integration with Flashpoint ingests Flashpoint Intelligence Reports (Cyber and Physical Threats) and Technical Indicators into ThreatConnect. The reports are searchable and stored in ThreatConnect, with the full HTML version available for viewing. Technical Indicators are associated to the reports and contain additional context for research and monitoring, such as MITRE ATT&CK™ Tags.

The ThreatConnect platform provides a central place for users to see all their team’s data, analyze that data, and integrate all of their security tools. The integration with Flashpoint Intelligence Reports includes technical indicators from Flashpoint along with support for MITRE ATT&CK tags in ThreatConnect. Customers will see incidents with actionable indicators associated with reports in ThreatConnect along with helpful context such as MITRE ATT&CK tags and scoring. Key features are:

• Enhanced Detection
  • ThreatConnect allows organizations to send threat intelligence to an organization’s tools (like a SIEM or a firewall) as indicators of compromise and rules. This threat intelligence includes RIOs network threats as they relate to the DDW and strategic insights on TTPs and threat actor activity from Finished Intelligence. Organizations can instantly see platform ratings, team votes, and observation count per indicator or incident.
• Collective Analytics Layer
  • By aggregating and normalizing threat data from any source, ThreatConnect’s Collective Analytics Layer helps users gain visibility into who is attacking their organization, view how often indicators are observed, and evaluate how relevant they are. The Finished Intelligence and RIOs datasets provide additional context on these investigations, enabling the network defender and intelligence teams to remediate and take relevant action to support their business operations.

This app can be found in the ThreatConnect App Catalog under the name: Flashpoint Intelligence Reports.

The Polarity - Flashpoint integration enables analysts to search indicators in Flashpoints vast threat intelligence and reports dataset. Allowing the analysts to quickly have an idea on the scope of the indicator and how it can affect their environment.

Examples

Flashpoint Data Overview - Indicator Overview

• Summary Tags: When searching Flashpoint's intelligence analysts can quickly see the number of associated indicators and reports.
• Indicator Context: When drilling into the details of the indicators analysts will be able to get a lot more additional context. They can quickly learn events its associated with, any payloads that have been executed in association with the indicator and more.

Flashpoint Data Overview - Vulnerability Overview

• Summary Tags: When looking up vulnerabilities in the Flashpoint integration, analysts will quickly be able to asses the criticality of that vulnerability. As well as see the number of associated reports and if it is still considered an active vulnerability.
• Vulnerability Details: When drilling into the details of the vulnerability analysts will be able to see the information about the vulnerability, if there has been a solution put forward around the vulnerability and more!

Analysts will also be able to click on the Reports tab to get more information about the reports that are associated with the vulnerabilities.