Flashpoint

The integration with Flashpoint ingests Flashpoint Intelligence Reports (Cyber and Physical Threats) and Technical Indicators into ThreatConnect. The reports are searchable and stored in ThreatConnect, with the full HTML version available for viewing. Technical Indicators are associated to the reports and contain additional context for research and monitoring, such as MITRE ATT&CK™ Tags. The ThreatConnect platform provides a central place for users to see all their team’s data, analyze that data, and integrate all of their security tools. The integration with Flashpoint Intelligence Reports includes technical indicators from Flashpoint along with support for MITRE ATT&CK tags in ThreatConnect. Customers will see incidents with actionable indicators associated with reports in ThreatConnect along with helpful context such as MITRE ATT&CK tags and scoring. Key features are:

• Enhanced Detection
  • ThreatConnect allows organizations to send threat intelligence to an organization’s tools (like a SIEM or a firewall) as indicators of compromise and rules. This threat intelligence includes RIOs network threats as they relate to the DDW and strategic insights on TTPs and threat actor activity from Finished Intelligence. Organizations can instantly see platform ratings, team votes, and observation count per indicator or incident.
• Collective Analytics Layer
  • By aggregating and normalizing threat data from any source, ThreatConnect’s Collective Analytics Layer helps users gain visibility into who is attacking their organization, view how often indicators are observed, and evaluate how relevant they are. The Finished Intelligence and RIOs datasets provide additional context on these investigations, enabling the network defender and intelligence teams to remediate and take relevant action to support their business operations.

This app can be found in the ThreatConnect App Catalog under the name: Flashpoint Intelligence Reports.

The ThreatConnect integration with Flashpoint Risk Intelligence Observables ingests Flashpoint RIO Torrent IPs and Forum Visitor IPs into ThreatConnect. These RIO Indicators are stored in ThreatConnect with all relevant context, enabling analysts to better understand and make connections between the threats and adversaries they are facing.

The ThreatConnect platform provides a central place for users to see all their team’s data, analyze that data, and integrate all of their security tools. By utilizing Flashpoint Finished Intelligence and Risk Intelligence Observables datasets, the solution delivers greater visibility into threats, empowering experienced and entry-level users alike with the context they need to make better risk decisions about threats relevant to them. Key features are:

• Enhanced Detection
  • ThreatConnect allows organizations to send threat intelligence to an organization’s tools (like a SIEM or a firewall) as indicators of compromise and rules. This threat intelligence includes RIOs network threats as they relate to the DDW and strategic insights on TTPs and threat actor activity from Finished Intelligence. Organizations can instantly see platform ratings, team votes, and observation count per indicator or incident.
• Collective Analytics Layer
  • By aggregating and normalizing threat data from any source, ThreatConnect’s Collective Analytics Layer helps users gain visibility into who is attacking their organization, view how often indicators are observed, and evaluate how relevant they are. The Finished Intelligence and RIOs datasets provide additional context on these investigations, enabling the network defender and intelligence teams to remediate and take relevant action to support their business operations.
• Indicator Threat Voting
  • The ThreatConnect platform allows users to keep track of each team’s workflow and tasks, including evaluating how malicious an indicator is using in-platform voting. By harnessing the additional context provided by RIOs unique set of observables, users can further customize team workflows based on greater visibility into high priority tasks.

This app can be found in the ThreatConnect App Catalog under the name: Flashpoint Risk Intelligence Observables