ThreatConnect Threat Intelligence Platform (TIP) serves as the primary platform in our organization for IOC aggregation, normalization, and distribution to downstream security controls like SIEM, EDR, and SOAR in a managed services context. In our daily operations, we use ThreatConnect Threat Intelligence Platform (TIP) to automatically inject IOCs from multiple sources including commercial feeds, open source intelligence, and client-specific detection, then distribute the highly confidential IOCs to downstream tools such as SIEM and EDR. We also use ThreatConnect Threat Intelligence Platform (TIP) for continuous threat scoring, deduplication, and lifecycle management of IOCs, ensuring only high confidence, relevant indicators are operationalized and kept in sync across all integrated security tools including SIEM, EDR, and SOAR.
The main use case is threat detection, and it helps day-to-day with threat detection, response, and the cyber security automation feature, which is exceptionally effective. ThreatConnect Threat Intelligence Platform (TIP) is a robust platform that helps with advanced AI-driven intelligence, and it assists whenever there is a problem, serving as a single-stop solution.
We use ThreatConnect Threat Intelligence Platform (TIP) alongside IBM QRadar as our SIEM and the Cortex XSOAR platform. This combination has significantly improved our detection and response workflows, helping us to automate workflows, enrich data, and handle risk scoring of indicators. It has helped us reduce false positives, and we have integrated our Threat Intel on the ThreatConnect Threat Intelligence Platform (TIP) via the STIX and TAXII APIs. The integration with QRadar, including automated enrichment and risk scoring, has changed our team's workflow. It has helped us improve the threat scoring of individual IOCs such as hashes, IPs, and URLs, which directly feed into the QRadar reference sets, and we are calling these references into our detection rules. The TTL has been dynamically applied over lookups, and QRadar stays up to date with dynamic Threat Intel, improving real-time detection with minimal manual overhead required. With real-time detection and minimal manual overhead, our workload has dropped by 90%. We now focus solely on true or threat-scored incidents.
We use ThreatConnect for our platform in the database to address the issues of threat attacks within the organization. It helps us look at solutions that can protect our data from being attacked. Additionally, it provides an alert mechanism to warn clients in case of internet attacks, focusing on data and information protection.
Manager, Product & Channel Development at Spire Solutions
Real User
Jun 7, 2024
ThreatConnect aggregates and operationalizes threat intelligence data and sources across internal client environments. It leverages automation and built-in Case Management to streamline and automate threat intelligence-driven processes and investigations within client environments.
Information Technology Security Specialist at LTIMindtree
Real User
Nov 27, 2023
The solution was used for publishing artefacts and threat intel data. We gathered data from the internet and uploaded it to the platform. It was integrated into every aspect of our cybersecurity network, like endpoints, SOC management, patch management, and vulnerability management tools.
Learn what your peers think about ThreatConnect Threat Intelligence Platform (TIP). Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees
Real User
Dec 31, 2020
I was doing research on this product by implementing a proof of concept. It is used to help an operations team with the identification and resolution of threats in an automated, zero-touch fashion. Basically, it reduces the time to detect and repair any incident related to security. It is the security operations people or security engineers who use it.
ThreatConnect Threat Intelligence Platform provides a comprehensive solution for operational threat intelligence. It effectively ingests and enriches data, aligning with intelligence requirements for seamless application across security operations.
ThreatConnect TIP stands out by integrating threat intelligence with orchestration for streamlined threat management. It simplifies the user experience with a customizable interface assisting security teams in operationalizing insights across...
I use it mainly for investigation. I have found it really useful to track and map threat actors. It can be used for balloting as well.
I use ThreatConnect to see what threats are coming in. I also use it to look at threats in the community.