ThreatConnect Tip 2.2.2
- Updated on 06 Apr 2025
tags: python | Indicator Enrichment | Threat Intelligence Platform | Cyber Risk Quantification
Description
The integration with the ThreatConnect Threat Intelligence Platform (TIP) supports CDC users by providing enrichments consisting of IOCs and other threat intelligence information, which enable CDC users to make informed decisions during incident response.
The ThreatConnect Threat Intelligence Platform (TIP) centralizes and operationalizes thousands of sources of intelligence for streamlined investigation and faster threat blocking. IOCs and other threat indicators are enriched using digital assets and prioritized by severity, bringing context and clarity to threat feeds. It helps with finding and using relevant intelligence, measuring risk based on currently known vulnerabilities, and using threat intelligence for detection.
This integration was built with the ThreatConnect TcEX framework, which makes accessing information from the ThreatConnect platform easier than working with the raw APIs.
Custom adaptive cards are used to display large amounts of threat data in a meaningful, intuitive GUI, making complex threat intelligence data easier to understand.
A single CLI command caters to the different parameters: all the user needs to do is change the parameters, and the corresponding results are shown in a custom adaptive card. Moreover, with auto-enrichment, the same threat intelligence information is also made available as observables.
Property | Value |
---|---|
Integration Type | Threat Intelligence Enrichment |
Information Enriched | Threat intelligence information for parameters such as IP address, URL, hash values, etc. |
API Supported | TcEX Framework based on REST API |
Input | One of the parameters from the following list: "Address", "File", "Url", "Host", "EmailAddress", "ASN", "CIDR", "Mutex", "Registry Key", "User Agent". |
Output | Detailed enrichment consisting of IOCs and other threat indicator information related to the provided input parameter. |
Customer Configuration
No Customer Configuration
CDC Command Lines
- enrich_indicator_by_tc_id_cli
This CLI enriches the indicator/observable information from ThreatConnect TIP for the observable or ThreatConnect ID (tc_id) passed as a parameter.
Option | Type | Description | Required |
---|---|---|---|
ioc | Any | Observable value or ThreatConnect ID (tc_id). | True |
- enrich_pre_define_indicator_cli
This CLI enriches the indicator information from ThreatConnect TIP for the specific indicator type and value passed as parameters.
Option | Type | Description | Required |
---|---|---|---|
indicator_value | string | Indicator value for the given indicator type. | True |
indicator_type | string | Indicator type: one of Address, Url, EmailAddress, File, Host, User Agent, Registry Key, Mutex, ASN, or CIDR. | True |
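The two CLIs above accept their input differently: the first takes a bare value that may be either an observable or a tc_id, while the second requires the indicator type to be named explicitly. The following is an added example, not part of the integration's own code, showing how a caller can derive the indicator type for the first form and validate the type/value pair for the second before anything is sent to the TIP. The classification rules (regular expressions, IP parsing, the "digits only means tc_id" convention) are assumptions of this example, and the actual ThreatConnect call is left out; the example covers only the parameter handling.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Indicator types accepted by the CLIs, as listed on this page.
INDICATOR_TYPES = ("Address", "File", "Url", "Host", "EmailAddress", "ASN",
                   "CIDR", "Mutex", "Registry Key", "User Agent")

# Assumed detection patterns (this example's choice, not the integration's).
_HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")  # MD5/SHA1/SHA256
_ASN_RE = re.compile(r"^AS\d+$", re.IGNORECASE)
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
_REGKEY_RE = re.compile(r"^(?:HKEY_[A-Z_]+|HKLM|HKCU|HKCR|HKU|HKCC)\\", re.IGNORECASE)
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$")


def classify_observable(value):
    """Return (indicator_type, normalized_value); indicator_type is None when
    the value cannot be typed automatically (Mutex and User Agent never can)."""
    v = value.strip()
    if _HASH_RE.match(v):
        return ("File", v.lower())
    try:
        ipaddress.ip_address(v)
        return ("Address", v)
    except ValueError:
        pass
    if "/" in v:
        try:
            # strict=False tolerates host bits set, e.g. 10.0.0.1/24 -> 10.0.0.0/24
            return ("CIDR", str(ipaddress.ip_network(v, strict=False)))
        except ValueError:
            pass
    if _ASN_RE.match(v):
        return ("ASN", v.upper())
    if _EMAIL_RE.match(v):
        return ("EmailAddress", v.lower())
    if _REGKEY_RE.match(v):
        return ("Registry Key", v)
    parsed = urlparse(v)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return ("Url", v)
    if _HOST_RE.match(v):
        return ("Host", v.lower())
    return (None, v)


def parse_ioc_argument(ioc):
    """Interpret the single 'ioc' parameter of enrich_indicator_by_tc_id_cli.
    Assumption: an all-digit value is a tc_id, anything else is an observable."""
    s = str(ioc).strip()
    if s.isdigit():
        return {"tc_id": int(s)}
    itype, norm = classify_observable(s)
    if itype is None:
        raise ValueError(
            f"cannot determine indicator type for {s!r}; "
            "use enrich_pre_define_indicator_cli with an explicit indicator_type")
    return {"indicator_type": itype, "indicator_value": norm}


def validate_pre_defined(indicator_type, indicator_value):
    """Check the (indicator_type, indicator_value) pair of
    enrich_pre_define_indicator_cli before it is sent for enrichment."""
    if indicator_type not in INDICATOR_TYPES:
        raise ValueError(f"unknown indicator_type {indicator_type!r}; "
                         f"expected one of {', '.join(INDICATOR_TYPES)}")
    value = indicator_value.strip()
    if not value:
        raise ValueError("indicator_value must not be empty")
    detected, norm = classify_observable(value)
    # A value that clearly belongs to another type is a mistyped request.
    if detected is not None and detected != indicator_type:
        raise ValueError(f"value {value!r} looks like {detected}, not {indicator_type}")
    return {"indicator_type": indicator_type,
            "indicator_value": norm if detected is not None else value}


if __name__ == "__main__":
    # Constructed sample inputs for a local run.
    for sample in ("8.8.8.8", "10.0.0.0/8", "as15169", "Example.COM", "12345"):
        print(sample, "->", parse_ioc_argument(sample))
    print(validate_pre_defined("User Agent", "Mozilla/5.0 (X11)"))
```

Because a digits-only value is read as a tc_id, an ASN must be given in the "AS<number>" form (or through the second CLI with indicator_type set to ASN), and Mutex and User Agent values always need the explicit type, since there is no reliable way to recognise them from the value alone.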
Workflows
- enrich_by_id_workflow
Enrich by ID workflow.
- post_enrich_pre_define_indicator
Post enrich-pre-define-indicator in CDC by ID of incident/message/channel.
Rules
No rules
Sensors
No sensors
Triggers
No triggers