Integration Spotlight: ThreatConnect

Enrich data from numerous threat feeds by adding vital context on indicators of compromise from Recorded Future.

Product Overview

ThreatConnect® arms organizations with a powerful defense against cyber threats and the confidence to make strategic business decisions. Built on the industry’s only intelligence-driven, extensible security platform, ThreatConnect provides a suite of products designed to meet the threat intelligence aggregation, analysis, and automation needs of security teams at any maturity level. More than 1,600 companies and agencies worldwide deploy the ThreatConnect platform to fully integrate their security technologies, teams, and processes with actionable threat intelligence resulting in reduced detection to response time and enhanced asset protection.

Challenges Overcome Through Integration

When security teams don’t collaborate and tools don’t communicate, critical gaps emerge. By making Recorded Future data available in ThreatConnect, you’re able to build processes to identify the most relevant threats, proactively protect your network, and quickly respond to incidents in a measurable way.


Integration Description

ThreatConnect has multiple integration points with Recorded Future. The Recorded Future Risk List integration takes advantage of new API endpoints and ingests the IP, Domain, and Hash Risk Lists from Recorded Future into ThreatConnect as a source called “Recorded Future Risk List.”

ThreatConnect also has a Recorded Future Enrichment playbook app which will accept address and host indicators and will query the Recorded Future Cyber API for enrichment. Returned data is passed to downstream playbook components in the form of output variables.

In addition, there is a spaces app that can search Recorded Future for what it knows about an indicator from within ThreatConnect, or show what Recorded Future knows about an indicator on the indicator's spaces app tab.