We use ThreatBook to have overview visibility of all our assets, including whether there are any compromised hosts or any incoming attacks from external threats. When we first deployed ThreatBook in our environment, it gave us a very quick, immediate overview of our asset categories and quickly detected compromised hosts, including suspected crypto mining on one of our assets. We were able to attribute quite quickly which IP the compromised host was and whether any other IPs around our network environment were affected. We check our ThreatBook dashboard every two to three days to see if there are any new compromised hosts or any brute force attacks on any of our assets.
Mainly, we use ThreatBook TDP to monitor the east-west and north-south network traffic, detect abnormal behaviors, and provide contextual intelligence to support our threat hunting and incident response. ThreatBook helps with our threat hunting and incident response by providing highly accurate threat intelligence, aggregating all the alerts from attacker perspectives, and showing me all the attack paths, which helps us easily do the attribution and threat investigation. One more thing is that ThreatBook has very low false positives, which allows us to focus on the real threats and reduces a lot of work on noise reduction. During incident response scenarios, ThreatBook saves us over 80% of the time for each incident, reducing the usual time taken for attribution from one or two days to just one or two hours, thanks to their AI techniques that allow me to ask in natural language to explain the meaning and the target of the attacker.
Learn what your peers think about ThreatBook Threat Intelligence Platform (TIP). Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
ThreatBook Threat Intelligence Platform (TIP) serves as a sophisticated cybersecurity tool that empowers users with real-time threat analysis, helping organizations anticipate and mitigate cybersecurity risks efficiently. This platform offers comprehensive threat intelligence capabilities designed to support cybersecurity teams in quickly identifying threats and automating responses. TIP aggregates vast threat data, providing enhanced visibility into potential attacks. Its integration...