Our main use case for ThreatConnect Threat Intelligence Platform (TIP) is to centralize, analyze, and operationalize threat intelligence across our organization. We use it to aggregate threat data from multiple sources, enrich it with context, and prioritize threats so our security operations team can respond quickly and effectively. This helps us identify and mitigate potential attacks, strengthen our defense, and improve incident response times. ThreatConnect Threat Intelligence Platform (TIP) helps our team quickly identify a phishing campaign targeting our employees by aggregating threat indicators from multiple sources and correlating them with our internal logs. We are able to prioritize the threat, blocking malicious domains and alerting affected users within hours. This not only prevents potential breaches but also streamlines our security operations by reducing the time analysts spend manually correlating threat data. Beyond responding to specific threats, our team uses ThreatConnect Threat Intelligence Platform (TIP) to continuously monitor and analyze the broader threat landscape. It helps us track threat actors, campaigns, and indicators over time, which informs our proactive security measures and strategic decisions. Analysts rely on ThreatConnect Threat Intelligence Platform (TIP) to enrich incoming threat data and automate repetitive workflows, ensuring that our SOC and incident response teams have the context they need to act quickly and accurately.
ThreatConnect Threat Intelligence Platform (TIP) serves as the primary platform in our organization for IOC aggregation, normalization, and distribution to downstream security controls like SIEM, EDR, and SOAR in a managed services context. In our daily operations, we use ThreatConnect Threat Intelligence Platform (TIP) to automatically inject IOCs from multiple sources including commercial feeds, open source intelligence, and client-specific detection, then distribute the highly confidential IOCs to downstream tools such as SIEM and EDR. We also use ThreatConnect Threat Intelligence Platform (TIP) for continuous threat scoring, deduplication, and lifecycle management of IOCs, ensuring only high confidence, relevant indicators are operationalized and kept in sync across all integrated security tools including SIEM, EDR, and SOAR.
The main use case is threat detection, and it helps day-to-day with threat detection, response, and the cyber security automation feature, which is exceptionally effective. ThreatConnect Threat Intelligence Platform (TIP) is a robust platform that helps with advanced AI-driven intelligence, and it assists whenever there is a problem, serving as a single-stop solution.
Security Analyst at a tech services company with 201-500 employees
Real User
Top 5
Jun 23, 2025
We use ThreatConnect Threat Intelligence Platform (TIP) alongside IBM QRadar as our SIEM and the Cortex XSOAR platform. This combination has significantly improved our detection and response workflows, helping us to automate workflows, enrich data, and handle risk scoring of indicators. It has helped us reduce false positives, and we have integrated our Threat Intel on the ThreatConnect Threat Intelligence Platform (TIP) via the STIX and TAXII APIs. The integration with QRadar, including automated enrichment and risk scoring, has changed our team's workflow. It has helped us improve the threat scoring of individual IOCs such as hashes, IPs, and URLs, which directly feed into the QRadar reference sets, and we are calling these references into our detection rules. The TTL has been dynamically applied over lookups, and QRadar stays up to date with dynamic Threat Intel, improving real-time detection with minimal manual overhead required. With real-time detection and minimal manual overhead, our workload has dropped by 90%. We now focus solely on true or threat-scored incidents.
We use ThreatConnect for our platform in the database to address the issues of threat attacks within the organization. It helps us look at solutions that can protect our data from being attacked. Additionally, it provides an alert mechanism to warn clients in case of internet attacks, focusing on data and information protection.
Manager, Product & Channel Development at Spire Solutions
Real User
Top 5
Jun 7, 2024
ThreatConnect aggregates and operationalizes threat intelligence data and sources across internal client environments. It leverages Automation and built-in Case Management to streamline and automate threat intelligence-driven processes and investigations within client environments.
Updated: February 2026.
Information Technology Security Specialist at LTIMindtree
Real User
Nov 27, 2023
The solution was used for publishing artefacts and threat intel data. We gathered data from the internet and uploaded it to the platform. It was integrated into every aspect of our cybersecurity network, like endpoints, SOC management, patch management, and vulnerability management tools.
Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees
Real User
Dec 31, 2020
I was doing research on this product by implementing a proof of concept. It is used to help an operations team with the identification and resolution of threats in an automated, zero-touch fashion. Basically, it reduces the time to detect and repair any incident related to security. It is the security operations people or security engineers who use it.
ThreatConnect Threat Intelligence Platform provides a comprehensive solution for operational threat intelligence. It effectively ingests and enriches data, aligning with intelligence requirements for seamless application across security operations.
ThreatConnect TIP stands out by integrating threat intelligence with orchestration for streamlined threat management. It simplifies the user experience with a customizable interface assisting security teams in operationalizing insights across...
I use it mainly for investigation. I have found it really useful to track and map threat actors. It can be used for balloting as well.
I use ThreatConnect to see what threats are coming in. I also use it to look at threats in the community.