Pages
- Actra Community Reg
- Actra TC User
- Aggregating Feeds Is Not Enough
- Become a Partner
- Black Hat 2019
- Blog
- Building a Threat Intelligence Program
- Building a TI Program UK
- Collective Analytics Layer
- Company
- Contact
- Cookie Policy
- CTA White Papers
- Dashboards
- Deal Registration
- Don’t Just Follow the Herd
- e-isac
- Forrester TEI: ThreatConnect ROI
- Free
- Free vs Paid
- FS-ISAC Annual Summit 2019
- Gain Visibility Into Healthcare’s Greatest Cyber Threats
- Gain Visibility Into Retail’s Greatest Cyber Threats
- Gain Visibility Into the Greatest Cyber Threats to Financial Services
- Gartner Security Risk Management Summit 2019
- Gucifer and Fancy Bear
- Home
- Home Speed
- Integrations
- Intelligence-Driven Orchestration
- Kingston University
- ME-ISAC
- More is Note More
- Ong-isac
- ONG-ISAC Allied Partners
- ONG-ISAC Collaborators
- Ong-Isac TC User
- Operation Arachnaphobia
- Partners
- Playbook Fridays
- Playbooks ROI Calculator
- Premium ThreatConnect Intelligence Source
- Privacy Policy
- Project CameraShy
- Project CameraShy Resources
- Reduce Risk
- Request a Demo
- Resources
- Rise of the Diamond Model
- RSA Conference 2019
- RSA Conference 2020
- Sandbox Registration
- SAP Hana
- SIEM + Threat Intelligence
- Sitemap
- SOAR ebook
- SOAR ebook - Digioh
- SOAR ebook for Cyberwire
- SOAR eBooks Thank You
- SOAR Market guide
- SOAR TIP eBooks
- Solution
- Automated EDR
- Automation & Orchestration
- Brand Monitoring
- Case Management
- Dashboards and Reporting
- Energy & Utilities
- Financial Services
- Government
- Healthcare
- How To Buy
- Incident Response
- Intelligence Sharing
- MSSPs
- Phishing Analysis & Response
- Playbook Servers and Playbook Workers
- Retail
- Security Leadership
- Security Operations
- SOAR Platform (Security Orchestration, Automation and Response)
- Technology Companies
- Threat Hunting
- Threat Intel Analysts
- Threat Intelligence
- Threat Intelligence Platform
- ThreatConnect for MITRE ATT&CK
- ThreatConnect for State & Local Government
- Vulnerability Management
- STIX TAXII
- Subscribe to Our Blog
- TC Open - for Paid Search
- TC Open for CyberWire
- Technology Partner Business & Breakfast Meetup
- Technology Partners
- Terms of Service
- Thank You Trial Reg
- The Benefits of Integrating Threat Intelligence Into Your SIEM
- ThreatConnect at RSA Conference 2019 Meeting Request
- ThreatConnect at RSA Conference 2020 Meeting Request
- ThreatConnect Customer Success
- ThreatConnect Customer Training: Live in Houston
- ThreatConnect Customer Training: Live in London
- ThreatConnect Customer Training: Live in Toronto
- ThreatConnect RSA Party 2019 RSVP
- ThreatConnect Sandbox Addendum
- ThreatConnect Support
- Unsubscribe
- Using MITRE ATT&CK and Threat Intelligence to Stop Attacks
- Workday Community Registration
Posts
All
- 5 Ways TIPs Can Enhance Your SIEM
- 7 Tips for Working from Home
- ISAO Standards and Cybersecurity Collaboration: One Year Later
- Sending Aspiring Jedi Knights to Dagobah System
- ThreatConnect and Jira: Automating Processes Made Easier
- Top 6 Reasons Why You Should Apply Intelligence to Automation and Orchestration
Blog
- (Un)Intended Side Effect of a Platform like ThreatConnect: Job Satisfaction
- 10 Things Security Analysts Can Do for Free in TC Open - UPDATED
- 4 Signs of Disconnect Between The Board and The Security Team
- 5 Reasons to Mark a False Positive in ThreatConnect
- 5 Things to Do at RSA 2018
- 5 Things to Do at RSA 2019
- 5 Ways TIPs Can Enhance Your SIEM
- 5 Ways to Make Threat Analysis Actionable
- 7 Threat Intelligence Tools Your Cybersecurity Team Needs
- 7 Tips for Working from Home
- A Change Will Do You (and Us) Good
- A Song of Intel and Fancy
- A Tale of Two Targets
- Automation Anxiety? Don’t Worry. We Got You.
- Banks See Increased Cyber Attacks
- Belling the BEAR
- Best Practices for Dashboards in Cybersecurity and Threat Intelligence
- Best Practices for Writing Playbooks in ThreatConnect, Part 1
- Best Practices for Writing Playbooks, Part 2
- Best Practices: Indicator Rating and Confidence
- Build a Single Source of Truth with ThreatConnect
- Building Daily Habits to Stay Ahead of Security Fires
- Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
- CAL 2.3 Brings New Data Sources and Analytics Improvements to ThreatConnect
- CAL™ 2.2 Brings Improved Data Hygiene and More Robust Graph Modeling
- Camerashy on You Crazy Diamond
- CameraShy: Infrastructure Analysis
- Can a BEAR Fit Down a Rabbit Hole?
- Casting a Light on BlackEnergy
- Chinese APT Yolped Malware and Alcatel-Lucent Incident
- Community-Source Your Cybersecurity Concerns
- Context (and Quality) is King with Threat Intelligence
- Creating Order from Chaos: Enabling (Even) Better Decision Making with ThreatConnect 6.0
- Credit Agricole Phish
- Cyber Attack on Google and Others
- Cyber Stratego: Strategic vs. Tactical Threat Intelligence
- CyberEdge Survey Results: Security Orchestration and Automation are the new Black
- Cybersecurity Heroes Wield the Power of ThreatConnect
- Demystifying Intelligence Analysis
- Did You Know We Have A Knowledge Base?
- DNC Association Does Not Compute
- Do You Make Swords, or Do You Wield Them?
- Does a BEAR Leak in the Woods?
- Don't Get Caught Up in the Hype of AI for Security
- Duping Doping Domains
- Fancy Bear Pens the Worst Blog Posts Ever
- Finding Nemo(hosts)
- Five Predictions for 2015 Cybersecurity
- Fysbis: Sharing New Sofacy APT Indicators
- Get Started with Cyber Threat Analysis: How to Research Ransomware
- Getting Started with the ThreatConnect Query Language (TQL)
- Getting Started with Threat Intelligence: A Guide for Retailers
- Getting Started with Threat Intelligence: A Guide for the ONG Community
- Good News! ThreatConnect’s CAL™ (Collective Analytics Layer) 2.1 is now live!
- Gootkit Banking Malware
- Growing a Threat Intelligence Program is like Growing a Beard
- Hacktivists vs Faketivists: Fancy Bears in Disguise
- Heartburn over Heartbleed: Assuming the Worst
- Herding Cattle: ThreatConnect’s Vision for Better Intel Feeds
- How Companies Use ThreatConnect To Create a System of Record: A Use Case
- How Companies Use ThreatConnect to Make Their Cybersecurity Programs More Efficient: A Use Case
- How Companies Use ThreatConnect When Building Their Cybersecurity Program: A Use Case
- How to Build a Basic Workflow in ThreatConnect
- How to Choose the Right SOAR Platform: A Checklist
- How to Choose the Right Threat Intelligence Platform for You
- How to Improve Collaboration with Security Teams and Technology using ThreatConnect
- How to Manage and Integrate Signatures in ThreatConnect
- How to Use Threat Intelligence & Orchestration to Defeat Stranger Threats
- Hunting Adversaries w/ Diamond Dashboard for Splunk
- Improving Accuracy and Efficiency in Security Operations with ThreatConnect
- Intel’s in the way that you use it, Snoke don’t you know
- Introducing ThreatConnect's Intel Report Cards
- Introducing ThreatConnect's New Learning Portal
- Introducing ThreatConnect's Version 5.8
- Iranian Cyber Army Strikes Again
- ISAO Standards and Cybersecurity Collaboration: One Year Later
- It's a Bird. It's a Plane. It's China's SuperMan APT
- Journal of Cyber Policy’s, Crouching Threat Hunter, Hidden Adversary
- Just the Tip of the Iceberg
- Just the TIP of the Iceberg: Categorizing the Evolving Threat Intelligence Platform
- Kinetic and Potential Energy Framework: Applying Thermodynamics to Threat Intelligence
- Let's Get Fancy
- Lights, Camera, Actionable Intelligence!
- Malicious Code Goes Mobile
- Malicious DLL and Satellite Infrastructure: Russian "Turla" APT
- Maturing Your Cybersecurity Program
- May the Force (of Partnerships) Be With You
- May the Fourth be with you: A Star Wars InfoSec Bibliography
- Measuring the Detection and Response Gap
- Nasdaq Cyber Attack
- Now Available: CAL COVID19-themed Newly Registered Domains Feed
- Operationalizing Threat Intel: On the Importance of “Boring” Dashboards
- OPM Breach Analysis: Update
- Orchestrate Actions Based on Automating Phishing Email Analysis
- Parlez-vous Fancy?
- Parlez-vous Fancy?
- Phantom of the Opaera: New KASPERAGENT Malware Campaign
- Playbook Fridays: Using Playbooks to populate custom attributes
- Playbook Fridays: Associated Indicator Metadata Creator
- Playbook Fridays: ATT&CK Tag Framework
- Playbook Fridays: Automatically import and tag your RSS feed data with Covid-19 Tags
- Playbook Fridays: Bit.ly URL Decoder
- Playbook Fridays: Component IOC All Data Pull
- Playbook Fridays: Conducting VMRay Malware Analysis
- Playbook Fridays: Converting Apps
- Playbook Fridays: CrowdStrike Snort Rules Ingest
- Playbook Fridays: dan.me TOR Full List with Details
- Playbook Fridays: Deploying Yara Signature to Carbon Black CB Response
- Playbook Fridays: Document Parsing and Keyword Scanning/Tagging
- Playbook Fridays: Domain Spinning Workbench Spaces App
- Playbook Fridays: DomainTools Iris Investigate Monitor
- Playbook Fridays: Enriching Indicators with Shodan
- Playbook Fridays: Forcing Active Directory (AD) Password Resets via ThreatConnect Victims
- Playbook Fridays: Generate Intelligence Reports
- Playbook Fridays: Generate Intelligence Reports, Part 2
- Playbook Fridays: Github Activity Monitor
- Playbook Fridays: Google Alerts RSS Reader
- Playbook Fridays: Group and Indicator Comment Link Creators
- Playbook Fridays: Have You Been Pwned?
- Playbook Fridays: How to Build a Playbook in ThreatConnect
- Playbook Fridays: How to Control the Cloud with Playbooks
- Playbook Fridays: How to Create a Playbook for the Non-Programmer
- Playbook Fridays: How to Query Abuse.net with Playbooks
- Playbook Fridays: How to Use ThreatConnect Playbooks to Manage Security APIs
- Playbook Fridays: Human in the Loop Playbook Systems
- Playbook Fridays: Indicator Defanging
- Playbook Fridays: Indicator Status Updater Playbook Component
- Playbook Fridays: Koodous Playbook Components
- Playbook Fridays: Leveraging ThreatConnect to Enrich Greynoise IOCs
- Playbook Fridays: New ThreatConnect App for Splunk 3.1
- Playbook Fridays: OneMillion API Component
- Playbook Fridays: Potential Zoom-related Threats Dashboard
- Playbook Fridays: QRadar Tag Search in ThreatConnect
- Playbook Fridays: Query Cymon.io API
- Playbook Fridays: Query Hashes via Email Submission
- Playbook Fridays: Query Jira for Ticket Information
- Playbook Fridays: Query Palo Alto Wildfire For New Submissions / Submit Wildfire Binary to VMRay
- Playbook Fridays: Reporting Through Email Attachment
- Playbook Fridays: Robtex ASN Query and Robtex IP Query
- Playbook Fridays: Taking Screenshots with a Playbook
- Playbook Fridays: Task Management
- Playbook Fridays: The Indicator Importer Spaces App
- Playbook Fridays: Web Page Monitoring
- Playbook Fridays: WhatCMS API Playbook
- Please Do Not Feed the Phish
- PROFORMA INVOICE COPY Spam
- Project CAMERASHY: Closing the Aperture on China’s Unit 78020
- Query a Host or URL Indicator in Archive.org's Wayback Machine
- Research One: A ThreatConnect Story
- Rock-Paper-Haxors
- Russian Cyber Operations on Steroids
- Save Time and Accomplish More with Playbooks
- Sending Aspiring Jedi Knights to Dagobah System
- Share The Love: Using ThreatConnect as a Threat Intelligence Sharing Platform for ISACs, ISAOs, and their Members
- Sharing Threat Intelligence Using STIX-TAXII
- Shiny Object? Guccifer 2.0 and the DNC Breach
- Small Businesses – Often Overlooked, but Just as Vulnerable to Cyber Attacks
- SMS SPAM Domains
- Special Playbook Fridays: COVID-19 Dashboard, Metrics, and Search
- Step 1: Collect and Correlate Relevant Threat Data
- Stepping to Fancy Bear
- The FORCE of STIX & TAXII: Why STIX & TAXII are so Important to Financial Services Companies & EMEA
- The Foundation of Internet Trust May Be Crumbling - DigiNotar Certificate Authority Breached
- The Power and Responsibility of Customer Data and Analytics
- The Rise of Digitally Signed Malware
- The Secret to our (Customer) Success
- The Tao of Intel Driven Security
- The Technical Blogs and Reports Source
- There's More to Life than Zero-Days
- Threat Intelligence and Risk Management
- Threat Intelligence and the Downfall of the Galactic Empire
- Threat Intelligence Doesn't Have to Be Inconceivable
- ThreatConnect 4.0 : Now with a Real Dashboard
- ThreatConnect 5.7 Release Shows Advancements in Playbooks Capabilities
- ThreatConnect achieves ISO 27001:2013 certification
- ThreatConnect and Jira: Automating Processes Made Easier
- ThreatConnect and ServiceNow: More Integrations for Better Context
- ThreatConnect and the Rise of the Security Developer
- ThreatConnect details Cancer Foundation Domain Squat Incident
- ThreatConnect details Westin Resort Domain Squat Incident
- ThreatConnect Episode IV: A New Scope
- ThreatConnect Introduces its Multi-Environment Orchestration Capability
- ThreatConnect Introduces Version 5.6
- ThreatConnect Launches Retail Community for Retailers to Collaborate Around Threat Intelligence
- ThreatConnect Lights Up Shellshock
- ThreatConnect Provides a Report on Healthcare and Medical Industry Threats
- ThreatConnect Releases 20 New Carbon Black Playbook Apps for CB Response
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Spoofing SharePoint
- ThreatConnect Shares Incident Information a digitalmailer requested password change
- ThreatConnect Shares Incident Information for a new CryptXXX Ransomware Trojan
- ThreatConnect Shares Incident Information for Fake eBay Advertising Pages
- ThreatConnect Shares Incident Information on a Phishing Page Serving Fake Login for University
- ThreatConnect Shares Incident Information on an Exxon Mobil Domain Squat Employment Scam
- ThreatConnect Shares Incident Information on Bank of Brazil Phishing Malware
- ThreatConnect Shares Incident Information on Infected Pokemon Go Android Malware
- ThreatConnect Shares Incident Information on Kivuto FTP Server Hosting Bitcoin Mining Malware
- ThreatConnect Shares Incident Information on Major Financial Institution Domain Squat
- ThreatConnect Shares Incident Information on Malware Spoofing Domains
- ThreatConnect Shares Incident Information on PhotoMiner malware found on FTP servers
- ThreatConnect Shares Incident Information on PhotoMiner Worm Malware
- ThreatConnect Shares Incident Information on Suspicious Domains on Bitcoin DNS Nameservers
- ThreatConnect Shares Incident Information on the Adversary Obi Onyeka
- ThreatConnect Shares Incident Information on Turla APT satellite-based infrastructure
- ThreatConnect Shares Incident Information on Typosquatting Domains
- ThreatConnect Training: Save Time and Act Faster with Playbooks
- ThreatConnect: Mission Control for U.S. Government Cyber Operations
- ThreatConnect's RSA Archer Integration, Playbooks, and Apps (oh my!)
- ThreatConnect’s Developer Partner Program: We Meme Business
- ThreatConnect’s Top 5 CAN’T MISS things to do while at the 2017 RSA Conference USA!
- ThreatConnect’s Top 5 Things to Do While at the 2016 FS-ISAC Fall Summit
- Top 5 ThreatConnect Resources for Malware Analysis
- Top 6 Reasons Why You Should Apply Intelligence to Automation and Orchestration
- Towards Data-Driven Threat Analysis
- Track to the Future
- Turning Cobalt Into Diamonds: Building an Actor Profile For Hunting
- Using ATT&CK in ThreatConnect to Prioritize, Ask Questions, and Respond Faster
- What a post-investment world looks like for ThreatConnect customers
- What Can CAL™ (Collective Analytics Layer) Do For You?
- What is a Cyber Threat? How to Explain Cyber Threats to Your CEO
- What is a Security Operations and Analytics Platform?
- What the Verizon DBIR Says About Threat Intelligence Sharing
- What's in a Name Server?
- What's the RSA Conference About, Daddy?
- What’s in a Platform?
- When Dumpster Fires Make You WannaCry
- When You're a Platform, Everything Else is a Tool
- White House Initiative on Cyber Threat Sharing: A Good Start
- Why Build Apps in ThreatConnect
- Word Document Trojan Exploiting CVE-2015-2545
Featured Article
- (Un)Intended Side Effect of a Platform like ThreatConnect: Job Satisfaction
- 10 Things Security Analysts Can Do for Free in TC Open - UPDATED
- 4 Signs of Disconnect Between The Board and The Security Team
- 5 Reasons to Mark a False Positive in ThreatConnect
- 5 Things to Do at RSA 2018
- 5 Ways TIPs Can Enhance Your SIEM
- 5 Ways to Make Threat Analysis Actionable
- 7 Threat Intelligence Tools Your Cybersecurity Team Needs
- 7 Tips for Working from Home
- A Song of Intel and Fancy
- A Tale of Two Targets
- Attacks on Insurers: Lessons Learned
- Automation Anxiety? Don’t Worry. We Got You.
- Belling the BEAR
- Best Practices for Dashboards in Cybersecurity and Threat Intelligence
- Best Practices for Writing Playbooks, Part 2
- Build a Single Source of Truth with ThreatConnect
- Building Daily Habits to Stay Ahead of Security Fires
- Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
- CAL 2.3 Brings New Data Sources and Analytics Improvements to ThreatConnect
- Can a BEAR Fit Down a Rabbit Hole?
- Casting a Light on BlackEnergy
- China Hacks the Peace Palace: All Your EEZ’s Are Belong to Us
- Community-Source Your Cybersecurity Concerns
- Creating Order from Chaos: Enabling (Even) Better Decision Making with ThreatConnect 6.0
- Cyber Stratego: Strategic vs. Tactical Threat Intelligence
- CyberEdge Survey Results: Security Orchestration and Automation are the new Black
- Cybersecurity Heroes Wield the Power of ThreatConnect
- Cybersecurity Jobs and Impact on Future Training and Education
- Demystifying Intelligence Analysis
- Did You Know We Have A Knowledge Base?
- DNC Association Does Not Compute
- Do You Make Swords, or Do You Wield Them?
- Does a BEAR Leak in the Woods?
- Don't Get Caught Up in the Hype of AI for Security
- Duping Doping Domains
- FANCY BEAR Has an (IT) Itch that They Can't Scratch
- Fancy Bear Pens the Worst Blog Posts Ever
- Finding Nemo(hosts)
- Get Started with Cyber Threat Analysis: How to Research Ransomware
- Getting Back to the Basics of Actionable Threat Intelligence
- Getting Started with the ThreatConnect Query Language (TQL)
- Getting Started with Threat Intelligence: A Guide for Retailers
- Getting Started with Threat Intelligence: A Guide for the ONG Community
- Getting the Most out of Crowdsourcing Threat Intelligence
- Good News! ThreatConnect’s CAL™ (Collective Analytics Layer) 2.1 is now live!
- Guccifer 2.0: All Roads Lead to Russia
- Guccifer 2.0: the Man, the Myth, the Legend?
- Hacktivists vs Faketivists: Fancy Bears in Disguise
- Herding Cattle: ThreatConnect’s Vision for Better Intel Feeds
- How Companies Use ThreatConnect To Create a System of Record: A Use Case
- How Companies Use ThreatConnect to Make Their Cybersecurity Programs More Efficient: A Use Case
- How Companies Use ThreatConnect When Building Their Cybersecurity Program: A Use Case
- How I Prevent a Hack Attack
- How to Build a Basic Workflow in ThreatConnect
- How to Choose the Right SOAR Platform: A Checklist
- How to Choose the Right Threat Intelligence Platform for You
- How to Improve Collaboration with Security Teams and Technology using ThreatConnect
- How to Manage and Integrate Signatures in ThreatConnect
- How To Streamline Threat Intel Sharing Before Lunch
- How to Use Threat Intelligence & Orchestration to Defeat Stranger Threats
- Improving Accuracy and Efficiency in Security Operations with ThreatConnect
- Intel’s in the way that you use it, Snoke don’t you know
- Introducing ThreatConnect's Intel Report Cards
- Introducing ThreatConnect's New Learning Portal
- Introducing ThreatConnect's Version 5.8
- Is Your Threat Intelligence Platform Just a Tool?
- Journal of Cyber Policy’s, Crouching Threat Hunter, Hidden Adversary
- Just the TIP of the Iceberg: Categorizing the Evolving Threat Intelligence Platform
- Kinetic and Potential Energy Framework: Applying Thermodynamics to Threat Intelligence
- Let's Get Fancy
- Lights, Camera, Actionable Intelligence!
- Luke in the Sky with Diamonds
- Maturing Your Cybersecurity Program
- May the Force (of Partnerships) Be With You
- Measuring the Detection and Response Gap
- Now Available: CAL COVID19-themed Newly Registered Domains Feed
- Offense Wins Games, Defense Wins Super Bowls
- Operationalizing Threat Intel: On the Importance of “Boring” Dashboards
- Parlez-vous Fancy?
- Phantom of the Opaera: New KASPERAGENT Malware Campaign
- Please Do Not Feed the Phish
- Query a Host or URL Indicator in Archive.org's Wayback Machine
- Quickly Assess Maliciousness of Suspicious Activity with “Analyze"
- Rebooting Watergate: Tapping into the Democratic National Committee
- Research One: A ThreatConnect Story
- Rock-Paper-Haxors
- ROI for Threat Intelligence
- Russian Cyber Operations on Steroids
- Save Time and Accomplish More with Playbooks
- Share The Love: Using ThreatConnect as a Threat Intelligence Sharing Platform for ISACs, ISAOs, and their Members
- Sharing Threat Intelligence Using STIX-TAXII
- Shiny Object? Guccifer 2.0 and the DNC Breach
- Step 1: Collect and Correlate Relevant Threat Data
- Stepping to Fancy Bear
- The Best Threat Intelligence Feeds
- The Cost of Bad Threat Intelligence
- The Dollars and "Sense" Behind Threat Intelligence Sharing
- The FORCE of STIX & TAXII: Why STIX & TAXII are so Important to Financial Services Companies & EMEA
- The Power and Responsibility of Customer Data and Analytics
- The Secret to our (Customer) Success
- The Tao of Intel Driven Security
- The Technical Blogs and Reports Source
- There's More to Life than Zero-Days
- Threat Intelligence and Risk Management
- Threat Intelligence and the Downfall of the Galactic Empire
- Threat Intelligence Doesn't Have to Be Inconceivable
- Threat Intelligence in 3rd Party Risk Assessment
- Threat Intelligence Processes are a Journey; Not a Destination
- Threat Intelligence within the Risk Management Process
- Threat Intelligence-Driven Risk Analysis
- ThreatConnect 4.0 : Now with a Real Dashboard
- ThreatConnect achieves ISO 27001:2013 certification
- ThreatConnect and Jira: Automating Processes Made Easier
- ThreatConnect and ServiceNow: More Integrations for Better Context
- ThreatConnect and the Rise of the Security Developer
- ThreatConnect Episode IV: A New Scope
- ThreatConnect Introduces its Multi-Environment Orchestration Capability
- ThreatConnect Officially Launches an Exclusive Subscriber Community with Advanced Threat Shares
- ThreatConnect Provides a Report on Healthcare and Medical Industry Threats
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Spoofing SharePoint
- ThreatConnect Takes Signature Management to the Next Level
- ThreatConnect Training: Save Time and Act Faster with Playbooks
- ThreatConnect: Mission Control for U.S. Government Cyber Operations
- ThreatConnect’s Developer Partner Program: We Meme Business
- ThreatConnect’s Top 5 CAN’T MISS things to do while at the 2017 RSA Conference USA!
- ThreatConnect’s Top 5 Things to Do While at the 2016 FS-ISAC Fall Summit
- Top 6 Reasons Why You Should Apply Intelligence to Automation and Orchestration
- Towards Data-Driven Threat Analysis
- Track to the Future
- Turning Cobalt Into Diamonds: Building an Actor Profile For Hunting
- Using ATT&CK in ThreatConnect to Prioritize, Ask Questions, and Respond Faster
- What a post-investment world looks like for ThreatConnect customers
- What Can CAL™ (Collective Analytics Layer) Do For You?
- What is a Cyber Threat? How to Explain Cyber Threats to Your CEO
- What is a Security Operations and Analytics Platform?
- What is a Threat Intelligence Platform
- What the Verizon DBIR Says About Threat Intelligence Sharing
- What's in a Name Server?
- What's the RSA Conference About, Daddy?
- What’s in a Platform?
- When Dumpster Fires Make You WannaCry
- When You're a Platform, Everything Else is a Tool
- Why Build Apps in ThreatConnect
How-to Guides
- 10 Things Security Analysts Can Do for Free in TC Open - UPDATED
- 5 Tips For Effective Threat Intelligence
- 5 Ways to Make Threat Analysis Actionable
- Best Practices for Dashboards in Cybersecurity and Threat Intelligence
- Best Practices for Writing Playbooks in ThreatConnect, Part 1
- Best Practices: Indicator Rating and Confidence
- Casting a Light on BlackEnergy
- Community-Source Your Cybersecurity Concerns
- Did You Know We Have A Knowledge Base?
- Get Started with Cyber Threat Analysis: How to Research Ransomware
- Getting Back to the Basics of Actionable Threat Intelligence
- Growing a Threat Intelligence Program is like Growing a Beard
- How Companies Use ThreatConnect To Create a System of Record: A Use Case
- How Companies Use ThreatConnect to Make Their Cybersecurity Programs More Efficient: A Use Case
- How Companies Use ThreatConnect When Building Their Cybersecurity Program: A Use Case
- How to Build a Basic Workflow in ThreatConnect
- How to Manage and Integrate Signatures in ThreatConnect
- How To Streamline Threat Intel Sharing Before Lunch
- Intel’s in the way that you use it, Snoke don’t you know
- Playbook Fridays: Domain Spinning Workbench Spaces App
- Playbook Fridays: OneMillion API Component
- Playbook Fridays: Reporting Through Email Attachment
- Please Do Not Feed the Phish
- Query a Host or URL Indicator in Archive.org's Wayback Machine
- Step 1: Collect and Correlate Relevant Threat Data
- Stepping to Fancy Bear
- The Power and Responsibility of Customer Data and Analytics
- Threat Intelligence in 3rd Party Risk Assessment
- ThreatConnect 5.7 Release Shows Advancements in Playbooks Capabilities
- ThreatConnect How To: Importing Indicators
- ThreatConnect How To: Pivoting & Exporting Data
- Top 5 ThreatConnect Resources for Malware Analysis
- What is a Cyber Threat? How to Explain Cyber Threats to Your CEO
Playbook Fridays
- Orchestrate Actions Based on Automating Phishing Email Analysis
- Playbook Fridays: Using Playbooks to populate custom attributes
- Playbook Fridays: Associated Indicator Metadata Creator
- Playbook Fridays: ATT&CK Tag Framework
- Playbook Fridays: Automatically import and tag your RSS feed data with Covid-19 Tags
- Playbook Fridays: Bit.ly URL Decoder
- Playbook Fridays: Component IOC All Data Pull
- Playbook Fridays: Conducting VMRay Malware Analysis
- Playbook Fridays: Converting Apps
- Playbook Fridays: CrowdStrike Snort Rules Ingest
- Playbook Fridays: dan.me TOR Full List with Details
- Playbook Fridays: Deploying Yara Signature to Carbon Black CB Response
- Playbook Fridays: Document Parsing and Keyword Scanning/Tagging
- Playbook Fridays: Domain Spinning Workbench Spaces App
- Playbook Fridays: DomainTools Iris Investigate Monitor
- Playbook Fridays: Enriching Indicators with Shodan
- Playbook Fridays: Forcing Active Directory (AD) Password Resets via ThreatConnect Victims
- Playbook Fridays: Generate Intelligence Reports
- Playbook Fridays: Generate Intelligence Reports, Part 2
- Playbook Fridays: Google Alerts RSS Reader
- Playbook Fridays: Group and Indicator Comment Link Creators
- Playbook Fridays: Have You Been Pwned?
- Playbook Fridays: How to Build a Playbook in ThreatConnect
- Playbook Fridays: How to Control the Cloud with Playbooks
- Playbook Fridays: How to Create a Playbook for the Non-Programmer
- Playbook Fridays: How to Query Abuse.net with Playbooks
- Playbook Fridays: How to Use ThreatConnect Playbooks to Manage Security APIs
- Playbook Fridays: Human in the Loop Playbook Systems
- Playbook Fridays: Indicator Defanging
- Playbook Fridays: Indicator Status Updater Playbook Component
- Playbook Fridays: Koodous Playbook Components
- Playbook Fridays: Leveraging ThreatConnect to Enrich Greynoise IOCs
- Playbook Fridays: New ThreatConnect App for Splunk 3.1
- Playbook Fridays: Potential Zoom-related Threats Dashboard
- Playbook Fridays: QRadar Tag Search in ThreatConnect
- Playbook Fridays: Query Cymon.io API
- Playbook Fridays: Query Hashes via Email Submission
- Playbook Fridays: Query Jira for Ticket Information
- Playbook Fridays: Query Palo Alto Wildfire For New Submissions / Submit Wildfire Binary to VMRay
- Playbook Fridays: Reporting Through Email Attachment
- Playbook Fridays: Robtex ASN Query and Robtex IP Query
- Playbook Fridays: Taking Screenshots with a Playbook
- Playbook Fridays: Task Management
- Playbook Fridays: The Indicator Importer Spaces App
- Playbook Fridays: Web Page Monitoring
- Special Playbook Fridays: COVID-19 Dashboard, Metrics, and Search
Playbooks
- Best Practices for Writing Playbooks in ThreatConnect, Part 1
- Best Practices for Writing Playbooks, Part 2
- Orchestrate Actions Based on Automating Phishing Email Analysis
- Playbook Fridays: ATT&CK Tag Framework
- Playbook Fridays: Domain Spinning Workbench Spaces App
- Playbook Fridays: Forcing Active Directory (AD) Password Resets via ThreatConnect Victims
- Playbook Fridays: Generate Intelligence Reports, Part 2
- Playbook Fridays: Github Activity Monitor
- Playbook Fridays: Human in the Loop Playbook Systems
- Playbook Fridays: OneMillion API Component
- Playbook Fridays: Web Page Monitoring
- Playbook Fridays: WhatCMS API Playbook
- Special Playbook Fridays: COVID-19 Dashboard, Metrics, and Search
- ThreatConnect Training: Save Time and Act Faster with Playbooks
- ThreatConnect's RSA Archer Integration, Playbooks, and Apps (oh my!)
Product News
- Best Practices for Dashboards in Cybersecurity and Threat Intelligence
- Best Practices: Indicator Rating and Confidence
- CAL 2.3 Brings New Data Sources and Analytics Improvements to ThreatConnect
- CAL™ 2.2 Brings Improved Data Hygiene and More Robust Graph Modeling
- Community-Source Your Cybersecurity Concerns
- Cyber Stratego: Strategic vs. Tactical Threat Intelligence
- Cybersecurity Heroes Wield the Power of ThreatConnect
- Good News! ThreatConnect’s CAL™ (Collective Analytics Layer) 2.1 is now live!
- Herding Cattle: ThreatConnect’s Vision for Better Intel Feeds
- How to Manage and Integrate Signatures in ThreatConnect
- Hunting Adversaries w/ Diamond Dashboard for Splunk
- Introducing ThreatConnect's New Learning Portal
- Introducing ThreatConnect's Version 5.8
- ISAC & ISAO Financial Incentives for Sharing Threat Intelligence Emerge
- ISAO Standards and Cybersecurity Collaboration: One Year Later
- Network Health: Advanced Cyber Threats to the Medical & Life Sciences Industries
- Now Available: CAL COVID19-themed Newly Registered Domains Feed
- Quickly Assess Maliciousness of Suspicious Activity with “Analyze"
- Rock-Paper-Haxors
- ROI for Threat Intelligence
- Save Time and Accomplish More with Playbooks
- The Cost of Bad Threat Intelligence
- Threat Intelligence Sharing is Real
- Threat Intelligence Sharing: Empower Your Cyber Defense
- ThreatConnect 4.0 : Now with a Real Dashboard
- ThreatConnect and Jira: Automating Processes Made Easier
- ThreatConnect and Maltego
- ThreatConnect and ServiceNow: More Integrations for Better Context
- ThreatConnect Announced as SmartCEO 2015 GovStar Awards Finalist
- ThreatConnect Announces Investment from Grotech Ventures
- ThreatConnect Communities: A Swiss Army Knife in Your Collaboration Arsenal
- ThreatConnect Community Success Story: The Rubber Meets the Road
- ThreatConnect Enables “Healthy Networking” for the Biomed and Life Sciences Industry
- ThreatConnect Industry Communities - Paying it Forward Produces Big Gains
- ThreatConnect Introduces its Multi-Environment Orchestration Capability
- ThreatConnect Introduces Version 5.6
- ThreatConnect Launches Retail Community for Retailers to Collaborate Around Threat Intelligence
- ThreatConnect Lights Up Shellshock
- ThreatConnect Officially Launches an Exclusive Subscriber Community with Advanced Threat Shares
- ThreatConnect Releases 20 New Carbon Black Playbook Apps for CB Response
- ThreatConnect Takes Signature Management to the Next Level
- ThreatConnect's RSA Archer Integration, Playbooks, and Apps (oh my!)
- Using ATT&CK in ThreatConnect to Prioritize, Ask Questions, and Respond Faster
Research
- A Song of Intel and Fancy
- A Tale of Two Targets
- Belling the BEAR
- Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
- Can a BEAR Fit Down a Rabbit Hole?
- Cyber Stratego: Strategic vs. Tactical Threat Intelligence
- DNC Association Does Not Compute
- Do You Make Swords, or Do You Wield Them?
- Does a BEAR Leak in the Woods?
- Duping Doping Domains
- Fancy Bear Pens the Worst Blog Posts Ever
- Finding Nemo(hosts)
- How to Choose the Right Threat Intelligence Platform for You
- Let's Get Fancy
- Lights, Camera, Actionable Intelligence!
- Parlez-vous Fancy?
- Parlez-vous Fancy?
- Research One: A ThreatConnect Story
- Shiny Object? Guccifer 2.0 and the DNC Breach
- Stepping to Fancy Bear
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Spoofing SharePoint
- What's in a Name Server?
SOAR
- 10 Things Security Analysts Can Do for Free in TC Open - UPDATED
- Build a Single Source of Truth with ThreatConnect
- How to Improve Collaboration with Security Teams and Technology using ThreatConnect
- Improving Accuracy and Efficiency in Security Operations with ThreatConnect
- Journal of Cyber Policy’s, Crouching Threat Hunter, Hidden Adversary
- Playbook Fridays: Converting Apps
- Playbook Fridays: DomainTools Iris Investigate Monitor
- ThreatConnect and Jira: Automating Processes Made Easier
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Spoofing SharePoint
- ThreatConnect: Mission Control for U.S. Government Cyber Operations
- ThreatConnect’s Developer Partner Program: We Meme Business
Star Wars
- 5 Ways TIPs Can Enhance Your SIEM
- Camerashy on You Crazy Diamond
- CameraShy: Infrastructure Analysis
- Hunting Adversaries w/ Diamond Dashboard for Splunk
- Intel’s in the way that you use it, Snoke don’t you know
- Luke in the Sky with Diamonds
- May the Force (of Partnerships) Be With You
- May the Fourth be with you: A Star Wars InfoSec Bibliography
- Offense Wins Games, Defense Wins Super Bowls
- Piercing the Cow's Tongue: China Targeting South China Seas Nations
- Sending Aspiring Jedi Knights to Dagobah System
- Threat Intelligence and the Downfall of the Galactic Empire
- Threat Intelligence-Driven Risk Analysis
- ThreatConnect Episode IV: A New Scope
Threat Research
- 7 Threat Intelligence Tools Your Cybersecurity Team Needs
- A Song of Intel and Fancy
- A Tale of Two Koreas: Keeping Watch over the Digital DMZ
- A Tale of Two Targets
- Adversary Intelligence: Getting Behind the Keyboard
- APT #TargetedAttacks within @SocialMedia
- Burning Down the House for Fun and Profit
- Camerashy on You Crazy Diamond
- CameraShy: Infrastructure Analysis
- Can a BEAR Fit Down a Rabbit Hole?
- China Hacks the Peace Palace: All Your EEZ’s Are Belong to Us
- Debugging the Pakistan Cyber Army: From Pakbugs to Bitterbugs
- Divide and Conquer: Unmasking China's 'Quarian' Campaigns Through Community
- DNC Association Does Not Compute
- Do You Make Swords, or Do You Wield Them?
- Duping Doping Domains
- FANCY BEAR Has an (IT) Itch that They Can't Scratch
- Fancy Bear Pens the Worst Blog Posts Ever
- Finding Nemo(hosts)
- Getting “Left of Boom": How ThreatConnect Enables Proactive Cybersecurity
- Guccifer 2.0: All Roads Lead to Russia
- Guccifer 2.0: the Man, the Myth, the Legend?
- Hacktivists vs Faketivists: Fancy Bears in Disguise
- Hiding in the Clouds: Leveraging Social Media for Cyber Attacks
- Hipster-Analytics: Throwback Analysis of an Overlooked Advanced Persistent Threat
- Holiday Aspxor Mimics Retailers
- I Got 99 Problems But a Phish Ain’t One
- Just the Tip of the Iceberg
- Khaan Quest: Chinese Cyber Espionage Targeting Mongolia
- Killing with a Borrowed Knife: Chaining Core Cloud Service Profile Infrastructure for Cyber Attacks
- Let's Get Fancy
- Network Health: Advanced Cyber Threats to the Medical & Life Sciences Industries
- Old Habits Die Hard: Iterative Intelligence & Comment Crew Activity
- Operation Arachnophobia: The Spy-der Who Loved Me
- Operation Poisoned Helmand
- Operation SMN: From Sharing to Acting on Threat Intelligence
- OPM Breach Analysis
- OPM Breach Analysis: Update
- Parlez-vous Fancy?
- Phantom of the Opaera: New KASPERAGENT Malware Campaign
- Piercing the Cow's Tongue: China Targeting South China Seas Nations
- Playbook Fridays: How to Query Abuse.net with Playbooks
- Playbook Fridays: Task Management
- Premera Latest Healthcare Insurance Agency to be Breached
- Project CAMERASHY: Closing the Aperture on China’s Unit 78020
- Rebooting Watergate: Tapping into the Democratic National Committee
- Research One: A ThreatConnect Story
- Rising from the Ashes: The Return of the Crew
- Russian Cyber Operations on Steroids
- Sending Aspiring Jedi Knights to Dagobah System
- Shiny Object? Guccifer 2.0 and the DNC Breach
- Stepping to Fancy Bear
- The Anthem Hack: All Roads Lead to China
- The Dollars and "Sense" Behind Threat Intelligence Sharing
- The Technical Blogs and Reports Source
- There's something about Mahdi
- Threat Intelligence in 3rd Party Risk Assessment
- Threat Intelligence-Driven Risk Analysis
- ThreatConnect Aids Novetta Research for Operation Blockbuster
- ThreatConnect Enables “Healthy Networking” for the Biomed and Life Sciences Industry
- ThreatConnect Gets to the Root of Targeted Exploitation Campaigns
- ThreatConnect Officially Launches an Exclusive Subscriber Community with Advanced Threat Shares
- Track to the Future
- Turning Cobalt Into Diamonds: Building an Actor Profile For Hunting
- Victim-nomics: Estimating the “Costs” of Compromise
- What's in a Name Server?
- When Dumpster Fires Make You WannaCry
- Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up
ThreatConnect Events
- Intel’s in the way that you use it, Snoke don’t you know
- ThreatConnect 4.0 : Now with a Real Dashboard
- ThreatConnect at FS-ISAC Fall Summit
- ThreatConnect at RSA 2017
- ThreatConnect at SANS CDI
- ThreatConnect at Splunk .conf2016
- ThreatConnect at Virus Bulletin International Conference
- ThreatConnect’s Top 5 CAN’T MISS things to do while at the 2017 RSA Conference USA!
TIP
- 10 Things Security Analysts Can Do for Free in TC Open - UPDATED
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Spoofing SharePoint
- ThreatConnect: Mission Control for U.S. Government Cyber Operations
- ThreatConnect’s Developer Partner Program: We Meme Business
Uncategorized
- 64 bit Quarian APT Malware
- Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
- How to Improve Collaboration with Security Teams and Technology using ThreatConnect
- Playbook Fridays: Automatically import and tag your RSS feed data with Covid-19 Tags
- Playbook Fridays: Converting Apps
- Playbook Fridays: DomainTools Iris Investigate Monitor