- 16 Apr 2023
ThreatConnect 2.2.6
- Updated on 16 Apr 2023
tags: python | Threat Intelligence Platform | Cyber Risk Quantification
Description
ThreatConnect is the only platform to unite Cyber Risk Quantification (RQ), Threat Intelligence Platform (TIP), and Security Orchestration and Response (SOAR) capabilities. It is a decision and operational support platform that aligns the entire security lifecycle to the goal of reducing risk.
The ThreatConnect platform delivers orchestration and automation capabilities that reduce job complexity for every stakeholder – from security executives, to risk teams, to threat intelligence experts, to security operations personnel and incident responders.
ThreatConnect is the only solution that natively combines cyber risk quantification, threat intelligence, orchestration and automation, analytics, and templated workflows relevant for all stakeholders – security and business executives, risk, threat intelligence, vulnerability, operations, and response.
Integration of ThreatConnect with the CDC includes the injection of ThreatConnect incidents as alerts in the CDC, with Associated Groups, Tags, Security Label, Attributes, and many other fields.
Integration Type: Threat Intelligence Enrichment
Information read: ThreatConnect incidents
API Supported: ThreatConnect REST API v2
Input: N/A
Output: Detailed alerts that lead to the creation of alerts and observables in the CDC.
Customer Configuration
No customer configuration
CDC Command Lines
No CDC command lines
Workflows
* **inject_tc_alert_to_cdc**
Inject ThreatConnect alert to the CDC using the CDC Async API.
* **process_yara_files**
Process YARA files.
Rules
* **cdc_new_alert_from_threatconnect**
Triggers the workflow that injects a new alert into the CDC when a new alert is created in ThreatConnect.
Sensors
* **ThreatConnectSensor**
Sensor to pull reported incidents from ThreatConnect.
Poll interval: 60 s
Triggers
No triggers
Known Issues
No known issues