Pages
- Actra Community Reg
- Actra TC User
- Aggregating Feeds Is Not Enough
- Become a Partner
- Black Hat Thank You
- Blog
- Blog Subscriptions
- Building a Threat Intelligence Program
- Building a TI Program UK
- Collective Analytics Layer
- Company
- Contact
- Cookie Policy
- CTA White Papers
- Dashboards
- Deal Registration
- Don’t Just Follow the Herd
- e-isac
- Forrester TEI: ThreatConnect ROI
- Free
- Free vs Paid
- FS-ISAC Annual Summit 2019
- FS-ISAC Fall Summit
- Gain Visibility Into Healthcare’s Greatest Cyber Threats
- Gain Visibility Into Retail’s Greatest Cyber Threats
- Gain Visibility Into the Greatest Cyber Threats to Financial Services
- Gartner 2020 Security & Risk Management Summit
- Gartner Security Risk Management Summit 2019
- Gartner Threat Intel Market Guide 2020
- Gucifer and Fancy Bear
- Home
- Integrations
- Intelligence-Driven Orchestration
- Kingston University
- ME-ISAC
- More is Note More
- Nehemiah Security and ThreatConnect
- Ong-isac
- ONG-ISAC Allied Partners
- ONG-ISAC Collaborators
- Ong-Isac TC User
- Operation Arachnaphobia
- Partners
- Playbook Fridays
- Playbooks ROI Calculator
- Premium ThreatConnect Intelligence Source
- Privacy Policy
- Project CameraShy
- Project CameraShy Resources
- Reduce Risk
- Request a Demo
- Resources
- Rise of the Diamond Model
- RSA Conference 2019
- RSA Conference 2020
- Sandbox Registration
- SAP Hana
- SecTor Virtual Summit
- SIEM + Threat Intelligence
- Sitemap
- SOAR ebook
- SOAR ebook - Digioh
- SOAR ebook for Cyberwire
- SOAR eBooks Thank You
- SOAR Market guide
- SOAR TIP eBooks
- Solution
- Automated EDR
- Automation & Orchestration
- Brand Monitoring
- Case Management
- Cyber Risk Quantification
- Dashboards and Reporting
- Energy & Utilities
- Financial Services
- Government
- Healthcare
- How To Buy
- Incident Response
- Intelligence Sharing
- MSSPs
- Phishing Analysis & Response
- Playbook Servers and Playbook Workers
- Retail
- Security Leadership
- Security Operations
- SOAR Platform (Security Orchestration, Automation and Response)
- Technology Companies
- Threat Hunting
- Threat Intel Analysts
- Threat Intelligence
- Threat Intelligence Platform
- ThreatConnect for MITRE ATT&CK
- ThreatConnect for State & Local Government
- Vulnerability Management
- STIX TAXII
- Subscribe to Our Blog
- TC Open - for Paid Search
- TC Open for CyberWire
- Technology Partner Business & Breakfast Meetup
- Technology Partners
- Terms of Service
- Thank You - RQ request for more info and demo
- Thank You Blog
- Thank You Trial Reg
- The Benefits of Integrating Threat Intelligence Into Your SIEM
- ThreatConnect at RSA Conference 2019 Meeting Request
- ThreatConnect at RSA Conference 2020 Meeting Request
- ThreatConnect Community Collaboration Case Study
- ThreatConnect Customer Success
- ThreatConnect Customer Training: Live in Houston
- ThreatConnect Customer Training: Live in London
- ThreatConnect Customer Training: Live in Toronto
- ThreatConnect RSA Party 2019 RSVP
- ThreatConnect Sandbox Addendum
- ThreatConnect Support
- Unsubscribe
- Using MITRE ATT&CK and Threat Intelligence to Stop Attacks
- What are Playbooks?
- What is a SOAR?
- What is a Workflow in ThreatConnect?
- Workday Community Registration
Posts
All
- 5 Reasons CISOs Need Security Operations, Automation, and Orchestration (SOAR)
- 5 Ways TIPs Can Enhance Your SIEM
- 7 Tips for Working from Home
- Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
- Black Hat 2020 Sessions Not to be Missed!
- Do Androids Dream of Electric CALFs?
- Empowering Better Security Operations with Intelligence
- Improving Team Retention with SOAR
- Integrations Aren't Just for Developers
- ISAO Standards and Cybersecurity Collaboration: One Year Later
- Limiting Operational Impact in a COVID-World
- Orchestration With and Without Intelligence: What’s the Difference?
- Prioritize and Mitigate Threats More Efficiently with ThreatConnect and DomainTools
- Realizing the Benefits of Security Orchestration, Automation, and Response (SOAR)
- Sending Aspiring Jedi Knights to Dagobah System
- SOAR: An Incident Responder’s Best Friend
- ThreatConnect and Jira: Automating Processes Made Easier
- ThreatConnect and Microsoft Graph: Integrate Seamlessly with the Microsoft Stack
- ThreatConnect and MITRE ATT&CK: Supporting Sub-techniques
- ThreatConnect and Okta: Save time with IAM Investigations
- ThreatConnect and Shodan: Enrich threat data to enhance decision making
- ThreatConnect and Sigma Signatures: Increase Detection Capabilities
- ThreatConnect and Tanium: Improved Incident Response with Intel Packages
- ThreatConnect and Twilio: Supporting human in the loop orchestration and SMS notifications
- ThreatConnect and VMRay: Better Malware Analysis
- ThreatConnect Research Roundup: Twitter Hacked and APT29 Targets COVID-19 Vaccine
- ThreatConnect: The Brain of Security
- ThreatConnect's Security Operations Maturity Model
- Top 6 Reasons Why You Should Apply Intelligence to Automation and Orchestration
Blog
- (Un)Intended Side Effect of a Platform like ThreatConnect: Job Satisfaction
- 10 FREE Things You Can Do in TC Open - UPDATED
- 4 Signs of Disconnect Between The Board and The Security Team
- 5 Reasons CISOs Need Security Operations, Automation, and Orchestration (SOAR)
- 5 Reasons to Mark a False Positive in ThreatConnect
- 5 Things to Do at RSA 2018
- 5 Things to Do at RSA 2019
- 5 Ways TIPs Can Enhance Your SIEM
- 5 Ways to Make Threat Analysis Actionable
- 7 Threat Intelligence Tools Your Team Needs
- 7 Tips for Working from Home
- 8 Ways SOC & IR Teams Can Use ThreatConnect’s Workflow Capability
- A Change Will Do You (and Us) Good
- A Song of Intel and Fancy
- A Tale of Two Targets
- Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
- Automation Anxiety? Don’t Worry.
- Banks See Increased Cyber Attacks
- Belling the BEAR
- Best Practices for Dashboards in Cybersecurity and Threat Intelligence
- Best Practices for Writing Playbooks in ThreatConnect, Part 1
- Best Practices for Writing Playbooks, Part 2
- Best Practices: Indicator Rating and Confidence
- Beyond Information Sharing: DHS Begins Cyber Risk Quantification Push
- Black Hat 2020 Sessions Not to be Missed!
- Build a Single Source of Truth
- Building Daily Habits to Stay Ahead of Security Fires
- Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
- CAL 2.3 Brings New Data Sources and Analytics Improvements to ThreatConnect
- CAL™ 2.2 Brings Improved Data Hygiene and More Robust Graph Modeling
- Camerashy on You Crazy Diamond
- CameraShy: Infrastructure Analysis
- Can a BEAR Fit Down a Rabbit Hole?
- Casting a Light on BlackEnergy
- Caught in our Net
- Chinese APT Yolped Malware and Alcatel-Lucent Incident
- Community-Source Your Cybersecurity Concerns
- Context (and Quality) is King with Threat Intelligence
- Creating Order from Chaos: Enabling (Even) Better Decision Making with ThreatConnect 6.0
- Credit Agricole Phish
- Cyber Attack on Google and Others
- Cyber Risk Quantification: The Pressure Is On (New Survey)
- Cyber Stratego: Strategic vs. Tactical Threat Intelligence
- CyberEdge Survey Results: Security Orchestration and Automation are the new Black
- Cybersecurity Heroes Wield the Power of ThreatConnect
- Demystifying Intelligence Analysis
- Did You Know We Have A Knowledge Base?
- DNC Association Does Not Compute
- Do Androids Dream of Electric CALFs?
- Do You Make Swords, or Do You Wield Them?
- Does a BEAR Leak in the Woods?
- Don't Get Caught Up in the Hype of AI for Security
- Duping Doping Domains
- Empowering Better Security Operations with Intelligence
- Fancy Bear Pens the Worst Blog Posts Ever
- Finding Nemo(hosts)
- Five Predictions for 2015 Cybersecurity
- Former CIA Cybersecurity Chief Speaks Out on Solar Winds Hack
- Fysbis: Sharing New Sofacy APT Indicators
- Get Started with Cyber Threat Analysis: How to Research Ransomware
- Getting Started with the ThreatConnect Query Language (TQL)
- Getting Started with Threat Intelligence: A Guide for Retailers
- Getting Started with Threat Intelligence: A Guide for the ONG Community
- Good News! ThreatConnect’s CAL™ (Collective Analytics Layer) 2.1 is now live!
- Gootkit Banking Malware
- Growing a Threat Intelligence Program is like Growing a Beard
- Hacktivists vs Faketivists: Fancy Bears in Disguise
- Heartburn over Heartbleed: Assuming the Worst
- Herding Cattle: ThreatConnect’s Vision for Better Intel Feeds
- How Companies Use ThreatConnect To Create a System of Record: A Use Case
- How Companies Use ThreatConnect to Make Their Cybersecurity Programs More Efficient: A Use Case
- How Companies Use ThreatConnect When Building Their Cybersecurity Program: A Use Case
- How to Build a Basic Workflow in ThreatConnect
- How to Choose the Right SOAR Platform: A Checklist
- How to Choose the Right Threat Intelligence Platform for You
- How to Improve Collaboration with Security Teams and Technology using ThreatConnect
- How to Manage and Integrate Signatures in ThreatConnect
- How to Use Threat Intelligence & Orchestration to Defeat Stranger Threats
- How to Use Workflow to Conduct Phishing Analysis Part 2 - Automating Phase 1
- How to Use Workflow to do Phishing Analysis Part 1 - Defining the Process
- Improving Accuracy and Efficiency in Security Operations with ThreatConnect
- Improving Team Retention with SOAR
- Infrastructure Research and Hunting: Boiling the Domain Ocean
- Integrations Aren't Just for Developers
- Intel’s in the way that you use it, Snoke don’t you know
- Introducing ThreatConnect's Intel Report Cards
- Introducing ThreatConnect's New Learning Portal
- Introducing ThreatConnect's Version 5.8
- Iranian Cyber Army Strikes Again
- ISAO Standards and Cybersecurity Collaboration: One Year Later
- It's a Bird. It's a Plane. It's China's SuperMan APT
- Journal of Cyber Policy’s, Crouching Threat Hunter, Hidden Adversary
- Just the Tip of the Iceberg
- Just the TIP of the Iceberg: Categorizing the Evolving Threat Intelligence Platform
- Kimsuky Phishing Operations Putting In Work
- Kinetic and Potential Energy Framework: Applying Thermodynamics to Threat Intelligence
- Let's Get Fancy
- Lights, Camera, Actionable Intelligence!
- Limiting Operational Impact in a COVID-World
- Malicious Code Goes Mobile
- Malicious DLL and Satellite Infrastructure: Russian "Turla" APT
- Maturing Your Cybersecurity Program
- May the Force (of Partnerships) Be With You
- May the Fourth be with you: A Star Wars InfoSec Bibliography
- Measuring the Detection and Response Gap
- Nasdaq Cyber Attack
- Now Available: CAL COVID19-themed Newly Registered Domains Feed
- Operationalizing Threat Intel: On the Importance of “Boring” Dashboards
- OPM Breach Analysis: Update
- Orchestrate Actions Based on Automating Phishing Email Analysis
- Orchestration With and Without Intelligence: What’s the Difference?
- Parlez-vous Fancy?
- Phantom of the Opaera: New KASPERAGENT Malware Campaign
- Playbook Fridays: Using Playbooks to populate custom attributes
- Playbook Fridays: Arithmetic Functions Component
- Playbook Fridays: Associated Indicator Metadata Creator
- Playbook Fridays: ATT&CK Tag Framework
- Playbook Fridays: Automatically import and tag your RSS feed data with Covid-19 Tags
- Playbook Fridays: Bit.ly URL Decoder
- Playbook Fridays: Component IOC All Data Pull
- Playbook Fridays: Conducting VMRay Malware Analysis
- Playbook Fridays: Converting Apps
- Playbook Fridays: Converting your IOCs to CSVs
- Playbook Fridays: CrowdStrike Snort Rules Ingest
- Playbook Fridays: dan.me TOR Full List with Details
- Playbook Fridays: Deploying Yara Signature to Carbon Black CB Response
- Playbook Fridays: Document Parsing and Keyword Scanning/Tagging
- Playbook Fridays: Domain Spinning Workbench Spaces App
- Playbook Fridays: DomainTools Iris Investigate Monitor
- Playbook Fridays: Forcing Active Directory (AD) Password Resets via ThreatConnect Victims
- Playbook Fridays: Generate Intelligence Reports
- Playbook Fridays: Generate Intelligence Reports, Part 2
- Playbook Fridays: Github Activity Monitor
- Playbook Fridays: Google Alerts RSS Reader
- Playbook Fridays: Group and Indicator Comment Link Creators
- Playbook Fridays: Have You Been Pwned?
- Playbook Fridays: How to Build a Playbook in ThreatConnect
- Playbook Fridays: How to Control the Cloud with Playbooks
- Playbook Fridays: How to Create a Playbook for the Non-Programmer
- Playbook Fridays: How to Query Abuse.net with Playbooks
- Playbook Fridays: How to Use ThreatConnect Playbooks to Manage Security APIs
- Playbook Fridays: Human in the Loop Playbook Systems
- Playbook Fridays: Indicator Defanging
- Playbook Fridays: Indicator Status Updater Playbook Component
- Playbook Fridays: Koodous Playbook Components
- Playbook Fridays: Leveraging ThreatConnect to Enrich Greynoise IOCs
- Playbook Fridays: New ThreatConnect App for Splunk 3.1
- Playbook Fridays: OneMillion API Component
- Playbook Fridays: Potential Zoom-related Threats Dashboard
- Playbook Fridays: QRadar Tag Search in ThreatConnect
- Playbook Fridays: Query Cymon.io API
- Playbook Fridays: Query Hashes via Email Submission
- Playbook Fridays: Query Jira for Ticket Information
- Playbook Fridays: Query Palo Alto Wildfire For New Submissions / Submit Wildfire Binary to VMRay
- Playbook Fridays: Reporting Through Email Attachment
- Playbook Fridays: Robtex ASN Query and Robtex IP Query
- Playbook Fridays: Taking Screenshots with a Playbook
- Playbook Fridays: Task Management
- Playbook Fridays: The Indicator Importer Spaces App
- Playbook Fridays: Web Page Monitoring
- Playbook Fridays: WhatCMS API Playbook
- Please Do Not Feed the Phish
- Prioritize and Mitigate Threats More Efficiently with ThreatConnect and DomainTools
- PROFORMA INVOICE COPY Spam
- Project CAMERASHY: Closing the Aperture on China’s Unit 78020
- Query a Host or URL Indicator in Archive.org's Wayback Machine
- Reactive Threat Hunting (Part 1): Providing the information that matters, when it matters.
- Realizing the Benefits of Security Orchestration, Automation, and Response (SOAR)
- Recommended Labor Day Reading for the Threat Analyst
- Research One: A ThreatConnect Story
- Research Roundup: Activity on Previously Identified APT33 Domains
- Research Roundup: APT39 Adversaries
- Research Roundup: FBI/NSA Fancy Bear Report Followup
- Research Roundup: Kimsuky Phishing Operations Putting in Work
- Research Roundup: Microsoft Strontium Sinkhole Domain Sibling
- Research Roundup: Mustang Panda and Fancy Bear
- Research Roundup: Mustang Panda and RedDelta PlugX Using Same C2
- Research Roundup: Mustang Panda PlugX Variant Samples and Decryption Script
- Research Roundup: Recent Probable Charming Kitten Infrastructure
- Research Roundup: Suspicious Domain Redirects to Google Account Security Page
- Risk Quantification, Threat Intelligence & Automation: Stronger Together
- Rock-Paper-Haxors
- RQ 5.0 Offers New Automation and Prioritization to Better Respond to and Communicate Cyber Risk
- Russian Cyber Operations on Steroids
- Save Time and Accomplish More with Playbooks
- Sending Aspiring Jedi Knights to Dagobah System
- Share The Love: Using ThreatConnect as a Threat Intelligence Sharing Platform for ISACs, ISAOs, and their Members
- Sharing Threat Intelligence Using STIX-TAXII
- Shiny Object? Guccifer 2.0 and the DNC Breach
- Small Businesses – Often Overlooked, but Just as Vulnerable to Cyber Attacks
- SMS SPAM Domains
- SOAR: An Incident Responder’s Best Friend
- SOAR: Proactive Threat Hunting (Part 2)
- Special Playbook Fridays: COVID-19 Dashboard, Metrics, and Search
- Step 1: Collect and Correlate Relevant Threat Data
- Stepping to Fancy Bear
- Strengthen Business and Security Alignment with ThreatConnect
- Take a Deep Dive into ThreatConnect’s Workflow Capabilities
- The FORCE of STIX & TAXII: Why STIX & TAXII are so Important to Financial Services Companies & EMEA
- The Foundation of Internet Trust May Be Crumbling - DigiNotar Certificate Authority Breached
- The Power and Responsibility of Customer Data and Analytics
- The Rise of Digitally Signed Malware
- The Secret to our (Customer) Success
- The Tao of Intel Driven Security
- The Technical Blogs and Reports Source
- There's More to Life than Zero-Days
- Threat Intelligence and Risk Management
- Threat Intelligence and the Downfall of the Galactic Empire
- Threat Intelligence Doesn't Have to Be Inconceivable
- ThreatConnect 4.0 : Now with a Real Dashboard
- ThreatConnect 5.7 Shows Advancements in Playbooks Capabilities
- ThreatConnect achieves ISO 27001:2013 certification
- ThreatConnect and Check Point: Better Endpoint Protection
- ThreatConnect and Cisco Identity Services Engine (ISE): Streamline Security Policy Updates
- ThreatConnect and Cisco Secure Access by Duo: Save time during IdAM Investigations
- ThreatConnect and Cylance: Better Endpoint Remediation
- ThreatConnect and Intel 471: Comprehensive Intelligence to Protect Your Mission
- ThreatConnect and Jira: Automating Processes Made Easier
- ThreatConnect and McAfee DXL: Better Integrations with the McAfee Stack
- ThreatConnect and Microsoft Graph: Integrate Seamlessly with the Microsoft Stack
- ThreatConnect and MITRE ATT&CK: Supporting Sub-techniques
- ThreatConnect and Okta: Save time with IAM Investigations
- ThreatConnect and PagerDuty: Better Alert Management
- ThreatConnect and ServiceNow: More Integrations for Better Context
- ThreatConnect and Shodan: Enrich threat data to enhance decision making
- ThreatConnect and Sigma Signatures: Increase Detection Capabilities
- ThreatConnect and Tanium: Improved Incident Response with Intel Packages
- ThreatConnect and the Rise of the Security Developer
- ThreatConnect and Twilio: Supporting human in the loop orchestration and SMS notifications
- ThreatConnect and VirusTotal: Enable YARA Hunting and Better Malware Analysis
- ThreatConnect and VMRay: Better Malware Analysis
- ThreatConnect and Zoom: Coordinated Communications as part of Incident Response
- ThreatConnect details Cancer Foundation Domain Squat Incident
- ThreatConnect details Westin Resort Domain Squat Incident
- ThreatConnect Episode IV: A New Scope
- ThreatConnect Introduces its Multi-Environment Orchestration Capability
- ThreatConnect Introduces Version 5.6
- ThreatConnect Launches Retail Community for Retailers to Collaborate Around Threat Intelligence
- ThreatConnect Lights Up Shellshock
- ThreatConnect Provides a Report on Healthcare and Medical Industry Threats
- ThreatConnect Releases 20 New Carbon Black Playbook Apps for CB Response
- ThreatConnect Research Roundup: Belarus, Ecuador, and Russia "News" Sites
- ThreatConnect Research Roundup: Kimsuky "AutoUpdate" Malware
- ThreatConnect Research Roundup: Microsoft-Spoofing Domains
- ThreatConnect Research Roundup: More Kimsuky “AutoUpdate” Malware
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Possible Ryuk Infrastructure
- ThreatConnect Research Roundup: Possible Ryuk, APT35, and CloudAtlas Infrastructure
- ThreatConnect Research Roundup: Probable Sandworm Infrastructure
- ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft
- ThreatConnect Research Roundup: Ryuk, RedDelta, APT34, and APT35
- ThreatConnect Research Roundup: SLOTHFULMEDIA RAT and Ryuk
- ThreatConnect Research Roundup: Spoofing SharePoint
- ThreatConnect Research Roundup: Suspected Naikon DGA Domains
- ThreatConnect Research Roundup: Twitter Hacked and APT29 Targets COVID-19 Vaccine
- ThreatConnect Research Roundup: Wizard Spider / UNC1878 / Ryuk Campaign
- ThreatConnect Shares Incident Information a digitalmailer requested password change
- ThreatConnect Shares Incident Information for a new CryptXXX Ransomware Trojan
- ThreatConnect Shares Incident Information for Fake eBay Advertising Pages
- ThreatConnect Shares Incident Information on a Phishing Page Serving Fake Login for University
- ThreatConnect Shares Incident Information on an Exxon Mobil Domain Squat Employment Scam
- ThreatConnect Shares Incident Information on Bank of Brazil Phishing Malware
- ThreatConnect Shares Incident Information on Infected Pokemon Go Android Malware
- ThreatConnect Shares Incident Information on Kivuto FTP Server Hosting Bitcoin Mining Malware
- ThreatConnect Shares Incident Information on Major Financial Institution Domain Squat
- ThreatConnect Shares Incident Information on Malware Spoofing Domains
- ThreatConnect Shares Incident Information on PhotoMiner malware found on FTP servers
- ThreatConnect Shares Incident Information on PhotoMiner Worm Malware
- ThreatConnect Shares Incident Information on Suspicious Domains on Bitcoin DNS Nameservers
- ThreatConnect Shares Incident Information on the Adversary Obi Onyeka
- ThreatConnect Shares Incident Information on Turla APT satellite-based infrastructure
- ThreatConnect Shares Incident Information on Typosquatting Domains
- ThreatConnect Training: Save Time and Act Faster with Playbooks
- ThreatConnect: Mission Control for U.S. Government Cyber Operations
- ThreatConnect: The Brain of Security
- ThreatConnect's RSA Archer Integration, Playbooks, and Apps (oh my!)
- ThreatConnect's Security Operations Maturity Model
- ThreatConnect’s Developer Partner Program: We Meme Business
- ThreatConnect’s Top 5 CAN’T MISS things to do while at the 2017 RSA Conference USA!
- ThreatConnect’s Top 5 Things to Do While at the 2016 FS-ISAC Fall Summit
- Top 5 ThreatConnect Resources for Malware Analysis
- Top 6 Reasons Why You Should Apply Intelligence to Automation and Orchestration
- Top Sessions To Attend At Gartner SRM 2020!
- Towards Data-Driven Threat Analysis
- Track to the Future
- Tracking Sunburst-Related Activity with ThreatConnect Dashboards
- Turning Cobalt Into Diamonds: Building an Actor Profile For Hunting
- Using ATT&CK in ThreatConnect to Prioritize, Ask Questions, and Respond Faster
- Welcome to the Age of Automated Cyber Risk Quantification
- What a post-investment world looks like for ThreatConnect customers
- What Can CAL™ (Collective Analytics Layer) Do For You?
- What is a Cyber Threat? How to Explain Cyber Threats to Your CEO
- What is a Security Operations and Analytics Platform?
- What the Verizon DBIR Says About Threat Intelligence Sharing
- What's in a Name Server?
- What's the RSA Conference About, Daddy?
- What’s in a Platform?
- When Dumpster Fires Make You WannaCry
- When You're a Platform, Everything Else is a Tool
- White House Initiative on Cyber Threat Sharing: A Good Start
- Who’s Next: A look at CAL 2.6’s latest additions
- Why Build Apps in ThreatConnect
- Why Your SOAR Needs Threat Intel Management, Not Feed Management
- Word Document Trojan Exploiting CVE-2015-2545
Cyber Risk Quantification
Fancy Bear
Featured Article
- (Un)Intended Side Effect of a Platform like ThreatConnect: Job Satisfaction
- 10 FREE Things You Can Do in TC Open - UPDATED
- 4 Signs of Disconnect Between The Board and The Security Team
- 5 Reasons CISOs Need Security Operations, Automation, and Orchestration (SOAR)
- 5 Reasons to Mark a False Positive in ThreatConnect
- 5 Things to Do at RSA 2018
- 5 Ways TIPs Can Enhance Your SIEM
- 5 Ways to Make Threat Analysis Actionable
- 7 Threat Intelligence Tools Your Team Needs
- 7 Tips for Working from Home
- A Song of Intel and Fancy
- A Tale of Two Targets
- Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
- Attacks on Insurers: Lessons Learned
- Automation Anxiety? Don’t Worry.
- Belling the BEAR
- Best Practices for Dashboards in Cybersecurity and Threat Intelligence
- Best Practices for Writing Playbooks, Part 2
- Black Hat 2020 Sessions Not to be Missed!
- Build a Single Source of Truth
- Building Daily Habits to Stay Ahead of Security Fires
- Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
- CAL 2.3 Brings New Data Sources and Analytics Improvements to ThreatConnect
- Can a BEAR Fit Down a Rabbit Hole?
- Casting a Light on BlackEnergy
- China Hacks the Peace Palace: All Your EEZ’s Are Belong to Us
- Community-Source Your Cybersecurity Concerns
- Creating Order from Chaos: Enabling (Even) Better Decision Making with ThreatConnect 6.0
- Cyber Stratego: Strategic vs. Tactical Threat Intelligence
- CyberEdge Survey Results: Security Orchestration and Automation are the new Black
- Cybersecurity Heroes Wield the Power of ThreatConnect
- Cybersecurity Jobs and Impact on Future Training and Education
- Demystifying Intelligence Analysis
- Did You Know We Have A Knowledge Base?
- DNC Association Does Not Compute
- Do Androids Dream of Electric CALFs?
- Do You Make Swords, or Do You Wield Them?
- Does a BEAR Leak in the Woods?
- Don't Get Caught Up in the Hype of AI for Security
- Duping Doping Domains
- Empowering Better Security Operations with Intelligence
- FANCY BEAR Has an (IT) Itch that They Can't Scratch
- Fancy Bear Pens the Worst Blog Posts Ever
- Finding Nemo(hosts)
- Get Started with Cyber Threat Analysis: How to Research Ransomware
- Getting Back to the Basics of Actionable Threat Intelligence
- Getting Started with the ThreatConnect Query Language (TQL)
- Getting Started with Threat Intelligence: A Guide for Retailers
- Getting Started with Threat Intelligence: A Guide for the ONG Community
- Getting the Most out of Crowdsourcing Threat Intelligence
- Good News! ThreatConnect’s CAL™ (Collective Analytics Layer) 2.1 is now live!
- Guccifer 2.0: All Roads Lead to Russia
- Guccifer 2.0: the Man, the Myth, the Legend?
- Hacktivists vs Faketivists: Fancy Bears in Disguise
- Herding Cattle: ThreatConnect’s Vision for Better Intel Feeds
- How Companies Use ThreatConnect To Create a System of Record: A Use Case
- How Companies Use ThreatConnect to Make Their Cybersecurity Programs More Efficient: A Use Case
- How Companies Use ThreatConnect When Building Their Cybersecurity Program: A Use Case
- How I Prevent a Hack Attack
- How to Build a Basic Workflow in ThreatConnect
- How to Choose the Right SOAR Platform: A Checklist
- How to Choose the Right Threat Intelligence Platform for You
- How to Improve Collaboration with Security Teams and Technology using ThreatConnect
- How to Manage and Integrate Signatures in ThreatConnect
- How To Streamline Threat Intel Sharing Before Lunch
- How to Use Threat Intelligence & Orchestration to Defeat Stranger Threats
- Improving Accuracy and Efficiency in Security Operations with ThreatConnect
- Improving Team Retention with SOAR
- Integrations Aren't Just for Developers
- Intel’s in the way that you use it, Snoke don’t you know
- Introducing ThreatConnect's Intel Report Cards
- Introducing ThreatConnect's New Learning Portal
- Introducing ThreatConnect's Version 5.8
- Is Your Threat Intelligence Platform Just a Tool?
- Journal of Cyber Policy’s, Crouching Threat Hunter, Hidden Adversary
- Just the TIP of the Iceberg: Categorizing the Evolving Threat Intelligence Platform
- Kimsuky Phishing Operations Putting In Work
- Kinetic and Potential Energy Framework: Applying Thermodynamics to Threat Intelligence
- Let's Get Fancy
- Lights, Camera, Actionable Intelligence!
- Limiting Operational Impact in a COVID-World
- Luke in the Sky with Diamonds
- Maturing Your Cybersecurity Program
- May the Force (of Partnerships) Be With You
- Measuring the Detection and Response Gap
- Now Available: CAL COVID19-themed Newly Registered Domains Feed
- Offense Wins Games, Defense Wins Super Bowls
- Operationalizing Threat Intel: On the Importance of “Boring” Dashboards
- Orchestration With and Without Intelligence: What’s the Difference?
- Parlez-vous Fancy?
- Phantom of the Opaera: New KASPERAGENT Malware Campaign
- Playbook Fridays: Converting your IOCs to CSVs
- Please Do Not Feed the Phish
- Prioritize and Mitigate Threats More Efficiently with ThreatConnect and DomainTools
- Query a Host or URL Indicator in Archive.org's Wayback Machine
- Quickly Assess Maliciousness of Suspicious Activity with “Analyze"
- Realizing the Benefits of Security Orchestration, Automation, and Response (SOAR)
- Rebooting Watergate: Tapping into the Democratic National Committee
- Recommended Labor Day Reading for the Threat Analyst
- Research One: A ThreatConnect Story
- Research Roundup: Activity on Previously Identified APT33 Domains
- Research Roundup: FBI/NSA Fancy Bear Report Followup
- Research Roundup: Kimsuky Phishing Operations Putting in Work
- Research Roundup: Microsoft Strontium Sinkhole Domain Sibling
- Research Roundup: Recent Probable Charming Kitten Infrastructure
- Risk Quantification, Threat Intelligence & Automation: Stronger Together
- Rock-Paper-Haxors
- ROI for Threat Intelligence
- Russian Cyber Operations on Steroids
- Save Time and Accomplish More with Playbooks
- Share The Love: Using ThreatConnect as a Threat Intelligence Sharing Platform for ISACs, ISAOs, and their Members
- Sharing Threat Intelligence Using STIX-TAXII
- Shiny Object? Guccifer 2.0 and the DNC Breach
- SOAR: An Incident Responder’s Best Friend
- Step 1: Collect and Correlate Relevant Threat Data
- Stepping to Fancy Bear
- Strengthen Business and Security Alignment with ThreatConnect
- Take a Deep Dive into ThreatConnect’s Workflow Capabilities
- The Best Threat Intelligence Feeds
- The Cost of Bad Threat Intelligence
- The Dollars and "Sense" Behind Threat Intelligence Sharing
- The FORCE of STIX & TAXII: Why STIX & TAXII are so Important to Financial Services Companies & EMEA
- The Power and Responsibility of Customer Data and Analytics
- The Secret to our (Customer) Success
- The Tao of Intel Driven Security
- The Technical Blogs and Reports Source
- There's More to Life than Zero-Days
- Threat Intelligence and Risk Management
- Threat Intelligence and the Downfall of the Galactic Empire
- Threat Intelligence Doesn't Have to Be Inconceivable
- Threat Intelligence in 3rd Party Risk Assessment
- Threat Intelligence Processes are a Journey; Not a Destination
- Threat Intelligence within the Risk Management Process
- Threat Intelligence-Driven Risk Analysis
- ThreatConnect 4.0 : Now with a Real Dashboard
- ThreatConnect achieves ISO 27001:2013 certification
- ThreatConnect and Jira: Automating Processes Made Easier
- ThreatConnect and MITRE ATT&CK: Supporting Sub-techniques
- ThreatConnect and Okta: Save time with IAM Investigations
- ThreatConnect and ServiceNow: More Integrations for Better Context
- ThreatConnect and Sigma Signatures: Increase Detection Capabilities
- ThreatConnect and Tanium: Improved Incident Response with Intel Packages
- ThreatConnect and the Rise of the Security Developer
- ThreatConnect and Twilio: Supporting human in the loop orchestration and SMS notifications
- ThreatConnect and VMRay: Better Malware Analysis
- ThreatConnect Episode IV: A New Scope
- ThreatConnect Introduces its Multi-Environment Orchestration Capability
- ThreatConnect Officially Launches an Exclusive Subscriber Community with Advanced Threat Shares
- ThreatConnect Provides a Report on Healthcare and Medical Industry Threats
- ThreatConnect Research Roundup: Belarus, Ecuador, and Russia "News" Sites
- ThreatConnect Research Roundup: More Kimsuky “AutoUpdate” Malware
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Possible Ryuk Infrastructure
- ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft
- ThreatConnect Research Roundup: Spoofing SharePoint
- ThreatConnect Research Roundup: Twitter Hacked and APT29 Targets COVID-19 Vaccine
- ThreatConnect Takes Signature Management to the Next Level
- ThreatConnect Training: Save Time and Act Faster with Playbooks
- ThreatConnect: Mission Control for U.S. Government Cyber Operations
- ThreatConnect: The Brain of Security
- ThreatConnect's Security Operations Maturity Model
- ThreatConnect’s Developer Partner Program: We Meme Business
- ThreatConnect’s Top 5 CAN’T MISS things to do while at the 2017 RSA Conference USA!
- ThreatConnect’s Top 5 Things to Do While at the 2016 FS-ISAC Fall Summit
- Top 6 Reasons Why You Should Apply Intelligence to Automation and Orchestration
- Top Sessions To Attend At Gartner SRM 2020!
- Towards Data-Driven Threat Analysis
- Track to the Future
- Turning Cobalt Into Diamonds: Building an Actor Profile For Hunting
- Using ATT&CK in ThreatConnect to Prioritize, Ask Questions, and Respond Faster
- Welcome to the Age of Automated Cyber Risk Quantification
- What a post-investment world looks like for ThreatConnect customers
- What Can CAL™ (Collective Analytics Layer) Do For You?
- What is a Cyber Threat? How to Explain Cyber Threats to Your CEO
- What is a Security Operations and Analytics Platform?
- What is a Threat Intelligence Platform
- What the Verizon DBIR Says About Threat Intelligence Sharing
- What's in a Name Server?
- What's the RSA Conference About, Daddy?
- What’s in a Platform?
- When Dumpster Fires Make You WannaCry
- When You're a Platform, Everything Else is a Tool
- Why Build Apps in ThreatConnect
How-to Guides
- 10 FREE Things You Can Do in TC Open - UPDATED
- 5 Tips For Effective Threat Intelligence
- 5 Ways to Make Threat Analysis Actionable
- Best Practices for Dashboards in Cybersecurity and Threat Intelligence
- Best Practices for Writing Playbooks in ThreatConnect, Part 1
- Best Practices: Indicator Rating and Confidence
- Casting a Light on BlackEnergy
- Community-Source Your Cybersecurity Concerns
- Did You Know We Have A Knowledge Base?
- Get Started with Cyber Threat Analysis: How to Research Ransomware
- Getting Back to the Basics of Actionable Threat Intelligence
- Growing a Threat Intelligence Program is like Growing a Beard
- How Companies Use ThreatConnect To Create a System of Record: A Use Case
- How Companies Use ThreatConnect to Make Their Cybersecurity Programs More Efficient: A Use Case
- How Companies Use ThreatConnect When Building Their Cybersecurity Program: A Use Case
- How to Build a Basic Workflow in ThreatConnect
- How to Manage and Integrate Signatures in ThreatConnect
- How To Streamline Threat Intel Sharing Before Lunch
- Intel’s in the way that you use it, Snoke don’t you know
- Playbook Fridays: Domain Spinning Workbench Spaces App
- Playbook Fridays: OneMillion API Component
- Playbook Fridays: Reporting Through Email Attachment
- Please Do Not Feed the Phish
- Query a Host or URL Indicator in Archive.org's Wayback Machine
- Step 1: Collect and Correlate Relevant Threat Data
- Stepping to Fancy Bear
- Take a Deep Dive into ThreatConnect’s Workflow Capabilities
- The Power and Responsibility of Customer Data and Analytics
- Threat Intelligence in 3rd Party Risk Assessment
- ThreatConnect 5.7 Shows Advancements in Playbooks Capabilities
- ThreatConnect How To: Importing Indicators
- ThreatConnect How To: Pivoting & Exporting Data
- ThreatConnect Training: Save Time and Act Faster with Playbooks
- Top 5 ThreatConnect Resources for Malware Analysis
- What is a Cyber Threat? How to Explain Cyber Threats to Your CEO
Playbook Fridays
- Orchestrate Actions Based on Automating Phishing Email Analysis
- Playbook Fridays: Using Playbooks to populate custom attributes
- Playbook Fridays: Arithmetic Functions Component
- Playbook Fridays: Associated Indicator Metadata Creator
- Playbook Fridays: ATT&CK Tag Framework
- Playbook Fridays: Automatically import and tag your RSS feed data with Covid-19 Tags
- Playbook Fridays: Bit.ly URL Decoder
- Playbook Fridays: Component IOC All Data Pull
- Playbook Fridays: Conducting VMRay Malware Analysis
- Playbook Fridays: Converting Apps
- Playbook Fridays: Converting your IOCs to CSVs
- Playbook Fridays: CrowdStrike Snort Rules Ingest
- Playbook Fridays: dan.me TOR Full List with Details
- Playbook Fridays: Deploying Yara Signature to Carbon Black CB Response
- Playbook Fridays: Document Parsing and Keyword Scanning/Tagging
- Playbook Fridays: Domain Spinning Workbench Spaces App
- Playbook Fridays: DomainTools Iris Investigate Monitor
- Playbook Fridays: Forcing Active Directory (AD) Password Resets via ThreatConnect Victims
- Playbook Fridays: Generate Intelligence Reports
- Playbook Fridays: Generate Intelligence Reports, Part 2
- Playbook Fridays: Google Alerts RSS Reader
- Playbook Fridays: Group and Indicator Comment Link Creators
- Playbook Fridays: Have You Been Pwned?
- Playbook Fridays: How to Build a Playbook in ThreatConnect
- Playbook Fridays: How to Control the Cloud with Playbooks
- Playbook Fridays: How to Create a Playbook for the Non-Programmer
- Playbook Fridays: How to Query Abuse.net with Playbooks
- Playbook Fridays: How to Use ThreatConnect Playbooks to Manage Security APIs
- Playbook Fridays: Human in the Loop Playbook Systems
- Playbook Fridays: Indicator Defanging
- Playbook Fridays: Indicator Status Updater Playbook Component
- Playbook Fridays: Koodous Playbook Components
- Playbook Fridays: Leveraging ThreatConnect to Enrich Greynoise IOCs
- Playbook Fridays: New ThreatConnect App for Splunk 3.1
- Playbook Fridays: Potential Zoom-related Threats Dashboard
- Playbook Fridays: QRadar Tag Search in ThreatConnect
- Playbook Fridays: Query Cymon.io API
- Playbook Fridays: Query Hashes via Email Submission
- Playbook Fridays: Query Jira for Ticket Information
- Playbook Fridays: Query Palo Alto Wildfire For New Submissions / Submit Wildfire Binary to VMRay
- Playbook Fridays: Reporting Through Email Attachment
- Playbook Fridays: Robtex ASN Query and Robtex IP Query
- Playbook Fridays: Taking Screenshots with a Playbook
- Playbook Fridays: Task Management
- Playbook Fridays: The Indicator Importer Spaces App
- Playbook Fridays: Web Page Monitoring
- Special Playbook Fridays: COVID-19 Dashboard, Metrics, and Search
Playbooks
- Best Practices for Writing Playbooks in ThreatConnect, Part 1
- Best Practices for Writing Playbooks, Part 2
- How to Use Workflow to Conduct Phishing Analysis Part 2 - Automating Phase 1
- Orchestrate Actions Based on Automating Phishing Email Analysis
- Playbook Fridays: Arithmetic Functions Component
- Playbook Fridays: ATT&CK Tag Framework
- Playbook Fridays: Converting your IOCs to CSVs
- Playbook Fridays: Domain Spinning Workbench Spaces App
- Playbook Fridays: Forcing Active Directory (AD) Password Resets via ThreatConnect Victims
- Playbook Fridays: Generate Intelligence Reports, Part 2
- Playbook Fridays: Github Activity Monitor
- Playbook Fridays: Human in the Loop Playbook Systems
- Playbook Fridays: OneMillion API Component
- Playbook Fridays: Web Page Monitoring
- Playbook Fridays: WhatCMS API Playbook
- Prioritize and Mitigate Threats More Efficiently with ThreatConnect and DomainTools
- Special Playbook Fridays: COVID-19 Dashboard, Metrics, and Search
- ThreatConnect and AlienLabs OTX: Give Your Investigations Community Support
- ThreatConnect and Check Point: Better Endpoint Protection
- ThreatConnect and Microsoft Graph: Integrate Seamlessly with the Microsoft Stack
- ThreatConnect and Okta: Save time with IAM Investigations
- ThreatConnect and Shodan: Enrich threat data to enhance decision making
- ThreatConnect and Twilio: Supporting human in the loop orchestration and SMS notifications
- ThreatConnect Training: Save Time and Act Faster with Playbooks
- ThreatConnect's RSA Archer Integration, Playbooks, and Apps (oh my!)
Product News
- Best Practices for Dashboards in Cybersecurity and Threat Intelligence
- Best Practices: Indicator Rating and Confidence
- CAL 2.3 Brings New Data Sources and Analytics Improvements to ThreatConnect
- CAL™ 2.2 Brings Improved Data Hygiene and More Robust Graph Modeling
- Community-Source Your Cybersecurity Concerns
- Cyber Stratego: Strategic vs. Tactical Threat Intelligence
- Cybersecurity Heroes Wield the Power of ThreatConnect
- Do Androids Dream of Electric CALFs?
- Good News! ThreatConnect’s CAL™ (Collective Analytics Layer) 2.1 is now live!
- Herding Cattle: ThreatConnect’s Vision for Better Intel Feeds
- How to Manage and Integrate Signatures in ThreatConnect
- Introducing ThreatConnect's New Learning Portal
- Introducing ThreatConnect's Version 5.8
- ISAC & ISAO Financial Incentives for Sharing Threat Intelligence Emerge
- ISAO Standards and Cybersecurity Collaboration: One Year Later
- Network Health: Advanced Cyber Threats to the Medical & Life Sciences Industries
- Now Available: CAL COVID19-themed Newly Registered Domains Feed
- Prioritize and Mitigate Threats More Efficiently with ThreatConnect and DomainTools
- Quickly Assess Maliciousness of Suspicious Activity with “Analyze”
- Research Roundup: Kimsuky Phishing Operations Putting in Work
- Research Roundup: Mustang Panda and RedDelta PlugX Using Same C2
- Rock-Paper-Haxors
- ROI for Threat Intelligence
- Save Time and Accomplish More with Playbooks
- The Cost of Bad Threat Intelligence
- Threat Intelligence Sharing is Real
- Threat Intelligence Sharing: Empower Your Cyber Defense
- ThreatConnect 4.0 : Now with a Real Dashboard
- ThreatConnect and Cylance: Better Endpoint Remediation
- ThreatConnect and Jira: Automating Processes Made Easier
- ThreatConnect and Maltego
- ThreatConnect and Microsoft Graph: Integrate Seamlessly with the Microsoft Stack
- ThreatConnect and MITRE ATT&CK: Supporting Sub-techniques
- ThreatConnect and Okta: Save time with IAM Investigations
- ThreatConnect and ServiceNow: More Integrations for Better Context
- ThreatConnect and Shodan: Enrich threat data to enhance decision making
- ThreatConnect and Sigma Signatures: Increase Detection Capabilities
- ThreatConnect and Tanium: Improved Incident Response with Intel Packages
- ThreatConnect and Twilio: Supporting human in the loop orchestration and SMS notifications
- ThreatConnect and VMRay: Better Malware Analysis
- ThreatConnect Announced as SmartCEO 2015 GovStar Awards Finalist
- ThreatConnect Announces Investment from Grotech Ventures
- ThreatConnect Communities: A Swiss Army Knife in Your Collaboration Arsenal
- ThreatConnect Community Success Story: The Rubber Meets the Road
- ThreatConnect Enables “Healthy Networking” for the Biomed and Life Sciences Industry
- ThreatConnect Industry Communities - Paying it Forward Produces Big Gains
- ThreatConnect Introduces its Multi-Environment Orchestration Capability
- ThreatConnect Introduces Version 5.6
- ThreatConnect Launches Retail Community for Retailers to Collaborate Around Threat Intelligence
- ThreatConnect Lights Up Shellshock
- ThreatConnect Officially Launches an Exclusive Subscriber Community with Advanced Threat Shares
- ThreatConnect Releases 20 New Carbon Black Playbook Apps for CB Response
- ThreatConnect Takes Signature Management to the Next Level
- ThreatConnect: The Brain of Security
- ThreatConnect's RSA Archer Integration, Playbooks, and Apps (oh my!)
- Tracking Sunburst-Related Activity with ThreatConnect Dashboards
- Using ATT&CK in ThreatConnect to Prioritize, Ask Questions, and Respond Faster
Research
- A Song of Intel and Fancy
- A Tale of Two Targets
- Belling the BEAR
- Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
- Can a BEAR Fit Down a Rabbit Hole?
- Cyber Stratego: Strategic vs. Tactical Threat Intelligence
- DNC Association Does Not Compute
- Do You Make Swords, or Do You Wield Them?
- Does a BEAR Leak in the Woods?
- Duping Doping Domains
- Fancy Bear Pens the Worst Blog Posts Ever
- Finding Nemo(hosts)
- How to Choose the Right Threat Intelligence Platform for You
- Infrastructure Research and Hunting: Boiling the Domain Ocean
- Let's Get Fancy
- Lights, Camera, Actionable Intelligence!
- Parlez-vous Fancy?
- Recommended Labor Day Reading for the Threat Analyst
- Research One: A ThreatConnect Story
- Research Roundup: Activity on Previously Identified APT33 Domains
- Research Roundup: APT39 Adversaries
- Research Roundup: FBI/NSA Fancy Bear Report Followup
- Research Roundup: Kimsuky Phishing Operations Putting in Work
- Research Roundup: Microsoft Strontium Sinkhole Domain Sibling
- Research Roundup: Mustang Panda and Fancy Bear
- Research Roundup: Mustang Panda and RedDelta PlugX Using Same C2
- Research Roundup: Mustang Panda PlugX Variant Samples and Decryption Script
- Research Roundup: Recent Probable Charming Kitten Infrastructure
- Research Roundup: Suspicious Domain Redirects to Google Account Security Page
- Shiny Object? Guccifer 2.0 and the DNC Breach
- Stepping to Fancy Bear
- ThreatConnect Research Roundup: Kimsuky "AutoUpdate" Malware
- ThreatConnect Research Roundup: Microsoft-Spoofing Domains
- ThreatConnect Research Roundup: More Kimsuky “AutoUpdate” Malware
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Possible Ryuk, APT35, and CloudAtlas Infrastructure
- ThreatConnect Research Roundup: Probable Sandworm Infrastructure
- ThreatConnect Research Roundup: Ryuk, RedDelta, APT34, and APT35
- ThreatConnect Research Roundup: Spoofing SharePoint
- ThreatConnect Research Roundup: Suspected Naikon DGA Domains
- ThreatConnect Research Roundup: Twitter Hacked and APT29 Targets COVID-19 Vaccine
- What's in a Name Server?
Risk-Threat-Response
RQ
SOAR
- 10 FREE Things You Can Do in TC Open - UPDATED
- 5 Reasons CISOs Need Security Operations, Automation, and Orchestration (SOAR)
- Black Hat 2020 Sessions Not to be Missed!
- Build a Single Source of Truth
- Do Androids Dream of Electric CALFs?
- Empowering Better Security Operations with Intelligence
- How to Improve Collaboration with Security Teams and Technology using ThreatConnect
- Improving Accuracy and Efficiency in Security Operations with ThreatConnect
- Improving Team Retention with SOAR
- Integrations Aren't Just for Developers
- Journal of Cyber Policy’s, Crouching Threat Hunter, Hidden Adversary
- Limiting Operational Impact in a COVID-World
- Orchestration With and Without Intelligence: What’s the Difference?
- Playbook Fridays: Arithmetic Functions Component
- Playbook Fridays: Converting Apps
- Playbook Fridays: Converting your IOCs to CSVs
- Playbook Fridays: DomainTools Iris Investigate Monitor
- Prioritize and Mitigate Threats More Efficiently with ThreatConnect and DomainTools
- Reactive Threat Hunting (Part 1): Providing the information that matters, when it matters.
- Realizing the Benefits of Security Orchestration, Automation, and Response (SOAR)
- Research Roundup: Activity on Previously Identified APT33 Domains
- Research Roundup: APT39 Adversaries
- Research Roundup: FBI/NSA Fancy Bear Report Followup
- Research Roundup: Microsoft Strontium Sinkhole Domain Sibling
- Research Roundup: Mustang Panda and Fancy Bear
- Research Roundup: Mustang Panda and RedDelta PlugX Using Same C2
- Research Roundup: Mustang Panda PlugX Variant Samples and Decryption Script
- Research Roundup: Recent Probable Charming Kitten Infrastructure
- Research Roundup: Suspicious Domain Redirects to Google Account Security Page
- SOAR: An Incident Responder’s Best Friend
- SOAR: Proactive Threat Hunting (Part 2)
- Strengthen Business and Security Alignment with ThreatConnect
- Take a Deep Dive into ThreatConnect’s Workflow Capabilities
- ThreatConnect and Cylance: Better Endpoint Remediation
- ThreatConnect and Jira: Automating Processes Made Easier
- ThreatConnect and Microsoft Graph: Integrate Seamlessly with the Microsoft Stack
- ThreatConnect and MITRE ATT&CK: Supporting Sub-techniques
- ThreatConnect and Okta: Save time with IAM Investigations
- ThreatConnect and Shodan: Enrich threat data to enhance decision making
- ThreatConnect and Sigma Signatures: Increase Detection Capabilities
- ThreatConnect and Tanium: Improved Incident Response with Intel Packages
- ThreatConnect and Twilio: Supporting human in the loop orchestration and SMS notifications
- ThreatConnect and VMRay: Better Malware Analysis
- ThreatConnect Research Roundup: Kimsuky "AutoUpdate" Malware
- ThreatConnect Research Roundup: Microsoft-Spoofing Domains
- ThreatConnect Research Roundup: More Kimsuky “AutoUpdate” Malware
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Possible Ryuk, APT35, and CloudAtlas Infrastructure
- ThreatConnect Research Roundup: Probable Sandworm Infrastructure
- ThreatConnect Research Roundup: Ryuk, RedDelta, APT34, and APT35
- ThreatConnect Research Roundup: Spoofing SharePoint
- ThreatConnect Research Roundup: Suspected Naikon DGA Domains
- ThreatConnect: Mission Control for U.S. Government Cyber Operations
- ThreatConnect: The Brain of Security
- ThreatConnect's Security Operations Maturity Model
- ThreatConnect’s Developer Partner Program: We Meme Business
- Top Sessions To Attend At Gartner SRM 2020!
- Tracking Sunburst-Related Activity with ThreatConnect Dashboards
- Why Your SOAR Needs Threat Intel Management, Not Feed Management
Star Wars
- Camerashy on You Crazy Diamond
- CameraShy: Infrastructure Analysis
- Intel’s in the way that you use it, Snoke don’t you know
- Luke in the Sky with Diamonds
- May the Force (of Partnerships) Be With You
- May the Fourth be with you: A Star Wars InfoSec Bibliography
- Offense Wins Games, Defense Wins Super Bowls
- Piercing the Cow's Tongue: China Targeting South China Seas Nations
- Sending Aspiring Jedi Knights to Dagobah System
- Threat Intelligence and the Downfall of the Galactic Empire
- Threat Intelligence-Driven Risk Analysis
- ThreatConnect Episode IV: A New Scope
Threat Research
- 7 Threat Intelligence Tools Your Team Needs
- A Song of Intel and Fancy
- A Tale of Two Koreas: Keeping Watch over the Digital DMZ
- A Tale of Two Targets
- Adversary Intelligence: Getting Behind the Keyboard
- APT #TargetedAttacks within @SocialMedia
- Burning Down the House for Fun and Profit
- Camerashy on You Crazy Diamond
- CameraShy: Infrastructure Analysis
- Can a BEAR Fit Down a Rabbit Hole?
- China Hacks the Peace Palace: All Your EEZ’s Are Belong to Us
- Debugging the Pakistan Cyber Army: From Pakbugs to Bitterbugs
- Divide and Conquer: Unmasking China's 'Quarian' Campaigns Through Community
- DNC Association Does Not Compute
- Do You Make Swords, or Do You Wield Them?
- Duping Doping Domains
- FANCY BEAR Has an (IT) Itch that They Can't Scratch
- Fancy Bear Pens the Worst Blog Posts Ever
- Finding Nemo(hosts)
- Getting “Left of Boom”: How ThreatConnect Enables Proactive Cybersecurity
- Guccifer 2.0: All Roads Lead to Russia
- Guccifer 2.0: the Man, the Myth, the Legend?
- Hacktivists vs Faketivists: Fancy Bears in Disguise
- Hiding in the Clouds: Leveraging Social Media for Cyber Attacks
- Hipster-Analytics: Throwback Analysis of an Overlooked Advanced Persistent Threat
- Holiday Aspxor Mimics Retailers
- I Got 99 Problems But a Phish Ain’t One
- Infrastructure Research and Hunting: Boiling the Domain Ocean
- Just the Tip of the Iceberg
- Khaan Quest: Chinese Cyber Espionage Targeting Mongolia
- Killing with a Borrowed Knife: Chaining Core Cloud Service Profile Infrastructure for Cyber Attacks
- Kimsuky Phishing Operations Putting In Work
- Let's Get Fancy
- Network Health: Advanced Cyber Threats to the Medical & Life Sciences Industries
- Old Habits Die Hard: Iterative Intelligence & Comment Crew Activity
- Operation Arachnophobia: The Spy-der Who Loved Me
- Operation Poisoned Helmand
- Operation SMN: From Sharing to Acting on Threat Intelligence
- OPM Breach Analysis
- OPM Breach Analysis: Update
- Parlez-vous Fancy?
- Phantom of the Opaera: New KASPERAGENT Malware Campaign
- Piercing the Cow's Tongue: China Targeting South China Seas Nations
- Playbook Fridays: How to Query Abuse.net with Playbooks
- Playbook Fridays: Task Management
- Premera Latest Healthcare Insurance Agency to be Breached
- Project CAMERASHY: Closing the Aperture on China’s Unit 78020
- Rebooting Watergate: Tapping into the Democratic National Committee
- Research One: A ThreatConnect Story
- Research Roundup: Activity on Previously Identified APT33 Domains
- Research Roundup: APT39 Adversaries
- Research Roundup: FBI/NSA Fancy Bear Report Followup
- Research Roundup: Kimsuky Phishing Operations Putting in Work
- Research Roundup: Microsoft Strontium Sinkhole Domain Sibling
- Research Roundup: Mustang Panda and Fancy Bear
- Research Roundup: Mustang Panda and RedDelta PlugX Using Same C2
- Research Roundup: Mustang Panda PlugX Variant Samples and Decryption Script
- Research Roundup: Recent Probable Charming Kitten Infrastructure
- Research Roundup: Suspicious Domain Redirects to Google Account Security Page
- Rising from the Ashes: The Return of the Crew
- Russian Cyber Operations on Steroids
- Sending Aspiring Jedi Knights to Dagobah System
- Shiny Object? Guccifer 2.0 and the DNC Breach
- Stepping to Fancy Bear
- The Anthem Hack: All Roads Lead to China
- The Dollars and "Sense" Behind Threat Intelligence Sharing
- The Technical Blogs and Reports Source
- There's something about Mahdi
- Threat Intelligence in 3rd Party Risk Assessment
- Threat Intelligence-Driven Risk Analysis
- ThreatConnect Aids Novetta Research for Operation Blockbuster
- ThreatConnect Enables “Healthy Networking” for the Biomed and Life Sciences Industry
- ThreatConnect Gets to the Root of Targeted Exploitation Campaigns
- ThreatConnect Officially Launches an Exclusive Subscriber Community with Advanced Threat Shares
- ThreatConnect Research Roundup: Belarus, Ecuador, and Russia "News" Sites
- ThreatConnect Research Roundup: Kimsuky "AutoUpdate" Malware
- ThreatConnect Research Roundup: Microsoft-Spoofing Domains
- ThreatConnect Research Roundup: More Kimsuky “AutoUpdate” Malware
- ThreatConnect Research Roundup: Possible Ryuk Infrastructure
- ThreatConnect Research Roundup: Possible Ryuk, APT35, and CloudAtlas Infrastructure
- ThreatConnect Research Roundup: Probable Sandworm Infrastructure
- ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft
- ThreatConnect Research Roundup: Ryuk, RedDelta, APT34, and APT35
- ThreatConnect Research Roundup: Suspected Naikon DGA Domains
- ThreatConnect Research Roundup: Twitter Hacked and APT29 Targets COVID-19 Vaccine
- Track to the Future
- Turning Cobalt Into Diamonds: Building an Actor Profile For Hunting
- Victim-nomics: Estimating the “Costs” of Compromise
- What's in a Name Server?
- When Dumpster Fires Make You WannaCry
- Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up
ThreatConnect Events
- Intel’s in the way that you use it, Snoke don’t you know
- ThreatConnect 4.0 : Now with a Real Dashboard
- ThreatConnect at FS-ISAC Fall Summit
- ThreatConnect at RSA 2017
- ThreatConnect at SANS CDI
- ThreatConnect at Splunk .conf2016
- ThreatConnect at Virus Bulletin International Conference
- ThreatConnect’s Top 5 CAN’T MISS things to do while at the 2017 RSA Conference USA!
TIP
- 10 FREE Things You Can Do in TC Open - UPDATED
- 5 Ways TIPs Can Enhance Your SIEM
- Black Hat 2020 Sessions Not to be Missed!
- Do Androids Dream of Electric CALFs?
- Empowering Better Security Operations with Intelligence
- Integrations Aren't Just for Developers
- Limiting Operational Impact in a COVID-World
- Orchestration With and Without Intelligence: What’s the Difference?
- Playbook Fridays: Arithmetic Functions Component
- Playbook Fridays: Converting your IOCs to CSVs
- Prioritize and Mitigate Threats More Efficiently with ThreatConnect and DomainTools
- Realizing the Benefits of Security Orchestration, Automation, and Response (SOAR)
- Research Roundup: Activity on Previously Identified APT33 Domains
- Research Roundup: APT39 Adversaries
- Research Roundup: FBI/NSA Fancy Bear Report Followup
- Research Roundup: Microsoft Strontium Sinkhole Domain Sibling
- Research Roundup: Mustang Panda and Fancy Bear
- Research Roundup: Mustang Panda and RedDelta PlugX Using Same C2
- Research Roundup: Mustang Panda PlugX Variant Samples and Decryption Script
- Research Roundup: Recent Probable Charming Kitten Infrastructure
- Research Roundup: Suspicious Domain Redirects to Google Account Security Page
- Strengthen Business and Security Alignment with ThreatConnect
- ThreatConnect and Cylance: Better Endpoint Remediation
- ThreatConnect and Microsoft Graph: Integrate Seamlessly with the Microsoft Stack
- ThreatConnect and MITRE ATT&CK: Supporting Sub-techniques
- ThreatConnect and Okta: Save time with IAM Investigations
- ThreatConnect and Shodan: Enrich threat data to enhance decision making
- ThreatConnect and Sigma Signatures: Increase Detection Capabilities
- ThreatConnect and Tanium: Improved Incident Response with Intel Packages
- ThreatConnect and VMRay: Better Malware Analysis
- ThreatConnect Research Roundup: Kimsuky "AutoUpdate" Malware
- ThreatConnect Research Roundup: Microsoft-Spoofing Domains
- ThreatConnect Research Roundup: More Kimsuky “AutoUpdate” Malware
- ThreatConnect Research Roundup: Possible APT33 Infrastructure
- ThreatConnect Research Roundup: Possible Ryuk, APT35, and CloudAtlas Infrastructure
- ThreatConnect Research Roundup: Probable Sandworm Infrastructure
- ThreatConnect Research Roundup: Ryuk, RedDelta, APT34, and APT35
- ThreatConnect Research Roundup: Spoofing SharePoint
- ThreatConnect Research Roundup: Suspected Naikon DGA Domains
- ThreatConnect Research Roundup: Twitter Hacked and APT29 Targets COVID-19 Vaccine
- ThreatConnect Training: Save Time and Act Faster with Playbooks
- ThreatConnect: Mission Control for U.S. Government Cyber Operations
- ThreatConnect’s Developer Partner Program: We Meme Business
- Top Sessions To Attend At Gartner SRM 2020!
- Tracking Sunburst-Related Activity with ThreatConnect Dashboards
Uncategorized
- 64 bit Quarian APT Malware
- Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
- How to Improve Collaboration with Security Teams and Technology using ThreatConnect
- Playbook Fridays: Automatically import and tag your RSS feed data with Covid-19 Tags
- Playbook Fridays: Converting Apps
- Playbook Fridays: DomainTools Iris Investigate Monitor