Flashpoint

The integration with Flashpoint ingests Flashpoint Intelligence Reports (Cyber and Physical Threats) and Technical Indicators into ThreatConnect. The reports are searchable and stored in ThreatConnect, with the full HTML version available for viewing. Technical Indicators are associated to the reports and contain additional context for research and monitoring, such as MITRE ATT&CK™ Tags. The ThreatConnect platform provides a central place for users to see all their team’s data, analyze that data, and integrate all of their security tools. The integration with Flashpoint Intelligence Reports includes technical indicators from Flashpoint along with support for MITRE ATT&CK tags in ThreatConnect. Customers will see incidents with actionable indicators associated with reports in ThreatConnect along with helpful context such as MITRE ATT&CK tags and scoring. Key features are:

• Enhanced Detection
  • ThreatConnect allows organizations to send threat intelligence to an organization’s tools (like a SIEM or a firewall) as indicators of compromise and rules. This threat intelligence includes RIOs network threats as they relate to the DDW and strategic insights on TTPs and threat actor activity from Finished Intelligence. Organizations can instantly see platform ratings, team votes, and observation count per indicator or incident.
• Collective Analytics Layer
  • By aggregating and normalizing threat data from any source, ThreatConnect’s Collective Analytics Layer helps users gain visibility into who is attacking their organization, view how often indicators are observed, and evaluate how relevant they are. The Finished Intelligence and RIOs datasets provide additional context on these investigations, enabling the network defender and intelligence teams to remediate and take relevant action to support their business operations.

This app can be found in the ThreatConnect App Catalog under the name: Flashpoint Intelligence Reports.