We use ThreatConnect Threat Intelligence Platform (TIP) alongside IBM QRadar as our SIEM and the Cortex XSOAR platform. This combination has significantly improved our detection and response workflows, helping us to automate workflows, enrich data, and handle risk scoring of indicators. It has helped us reduce false positives, and we have integrated our Threat Intel on the ThreatConnect Threat Intelligence Platform (TIP) via the STIX and TAXII APIs. The integration with QRadar, including automated enrichment and risk scoring, has changed our team's workflow. It has helped us improve the threat scoring of individual IOCs such as hashes, IPs, and URLs, which directly feed into the QRadar reference sets, and we are calling these references into our detection rules. The TTL has been dynamically applied over lookups, and QRadar stays up to date with dynamic Threat Intel, improving real-time detection with minimal manual overhead required. With real-time detection and minimal manual overhead, our workload has dropped by 90%. We now focus solely on true or threat-scored incidents.
We use ThreatConnect for our platform in the database to address the issues of threat attacks within the organization. It helps us look at solutions that can protect our data from being attacked. Additionally, it provides an alert mechanism to warn clients in case of internet attacks, focusing on data and information protection.
Manager, Product & Channel Development at Spire Solutions
Real User
Top 10
2024-06-07T07:20:45Z
Jun 7, 2024
ThreatConnect aggregates and operationalizes threat intelligence data and sources across internal client environments. It leverages automation and built-in Case Management to streamline and automate threat intelligence-driven processes and investigations within client environments.
Information Technology Security Specialist at LTIMindtree
Real User
Top 20
2023-11-27T09:21:01Z
Nov 27, 2023
The solution was used for publishing artefacts and threat intel data. We gathered data from the internet and uploaded it to the platform. It was integrated into every aspect of our cybersecurity network, like endpoints, SOC management, patch management, and vulnerability management tools.
Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees
Real User
2020-12-31T15:31:49Z
Dec 31, 2020
I was doing research on this product by implementing a proof of concept. It is used to help an operations team with the identification and resolution of threats in an automated, zero-touch fashion. Basically, it reduces the time to detect and repair any incident related to security. It is the security operations people or security engineers who use it.
The ThreatConnect Threat Intelligence Operations (TIOps) Platform lets organizations operationalize and evolve their cyber threat intel program, enabling cybersecurity operations teams to measurably improve their organization’s resilience to attacks. The TIOps Platform enhances collaboration across teams to drive proactive threat defense, and improve threat detection and response. The AI- and automation-powered TI Ops Platform enables analysts to perform all their work effectively and...
I use it mainly for investigation. I have found it really useful to track and map threat actors. It can be used for balloting as well.
I use ThreatConnect to see what threats are coming in. I also use it to look at threats in the community.