
ThreatConnect for Case Management

Automate case creation and data enrichment for smarter and faster investigation. Generate intelligence from cases to use for future decision making.

Improve Response Times with Documented Processes
Automate Artifact Creation and Enrichment
Correlate Cases to Historical Data and Patterns
Improve Security Team Collaboration
Auto-generate Timeline Log Activity

Customizable Templates for Flexible Documentation of Processes

Design Workflow templates or leverage ThreatConnect-built templates, then import those templates into your organization’s instance for further customization and usage. Documenting your processes, while still allowing for the flexibility that investigations require, lets response efforts begin more quickly and creates consistency across your team.

Automate the Creation and Enrichment of Artifacts

Automatically complete designated parts of your Workflow with Playbooks and save relevant information back to the Case as Artifacts for further usage and analysis. Leverage data from ThreatConnect’s CAL™ to gain more insight into intel-related Artifacts such as IP addresses, emails, or URLs. Then, add those Artifacts back into ThreatConnect’s intelligence repository to help during future investigations and across other team initiatives.

Identify Associations and Patterns That Exist Across Cases and Threat Intel

As team members make their way through an investigation, any Case with similar Artifacts is automatically grouped and displayed as a Related Case for further analysis. Users can also define their own criteria for relationships across Cases and make the connection manually. A Platform-wide tagging system groups similar Cases and related threat intelligence in ThreatConnect to identify patterns and trends. For example, use Tags to group together observations of specific MITRE ATT&CK Techniques to understand what’s being seen most in your environment, then display that information directly on your Dashboard.

Increase Team Collaboration and Dialogue

Get your entire security team working out of one Platform to ensure efforts are being streamlined across case management, security orchestration, and threat intelligence initiatives. Within a Case, add Notes to give additional context on what’s happening during an investigation and share it with other team members.

Understand Case Progression with Automatic Timeline Generation

An auto-generated Timeline provides you with a record of all activity happening in a specific Case. The ability to log all activities allows you to dig into granular details and understand what happened throughout the life of an investigation.