Jason Franscisco
With both Security Orchestration Automation and Response (SOAR) and Threat Intelligence Platform (TIP) capabilities, ThreatConnect unites intelligence, automation, orchestration and response to enable organizations to be more predictive, proactive and efficient. ThreatConnect creates a holistic view with all the essential elements needed for a security operations team in one central platform, in order to gather information on threats and assist with the decision-making process.
Loginsoft developed On-demand enrichment App used for creating Playbooks which automates handling of virtually any action an analyst would want to take. Every playbook starts when an event is triggered.
Loginsoft used ThreatConnect's Exchange Framework to create this App. This Framework provides Built-in Python development to create an app, rather than having to spin up a development environment, dramatically reducing overhead. It is designed to run inside ThreatConnect, making it easier to create apps.
Loginsoft, a leading provider of cyber engineering services for Threat Intel Platform Companies has built the expertise in creating these Playbooks for ThreatConnect Users.
1. Solution Discovery:
2. Integration Development:
3. Integration Vetting:
4. Integration Release:
Here is a look inside ThreatConnect Platform to configure the Playbook using Python Application that calls the SOURCE API Enrichment endpoints like Whois, Dynamic DNS and Passive DNS.
1. Create a new Playbook
2. Select Enrichment Type (e.g. Domain, IP Address, Hash, URL and Email)
3. Provide API Key for the Intelligence Source
4. Provide value for the selected Enrichment Type
Example: Playbook workflow diagram
Explore Cybersecurity Platforms
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.
For over 20 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media, and more have come to rely on Loginsoft as a trusted resource for technology talent. From startups, to product and enterprises rely on our services. Whether Onsite, Offsite, or Offshore, we deliver. With a track record of successful partnerships with leading technology companies globally, and specifically in the past 6 years with Cybersecurity product companies, Loginsoft offers a comprehensive range of security offerings, including Software Supply Chain, Vulnerability Management, Threat Intelligence, Cloud Security, Cybersecurity Platform Integrations, creating content packs for Cloud SIEM, Logs onboarding and more. Our commitment to innovation and expertise has positioned us as a trusted player in the cybersecurity space. Loginsoft continues to provide traditional IT services which include Software development & Support, QA automation, Data Science & AI, etc.
Expertise in Integrations with Threat Intelligence and Security Products: Built more than 200+ integrations with leading TIP, SIEM, SOAR, and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar & Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet, and so on. Loginsoft is a partner with industry leading technology vendors Palo Alto, Splunk, Elastic, IBM Security, etc.
In addition, Loginsoft offers Research as a service: We're more than just experts in cybersecurity; we're your accredited in-house research team focused on unraveling the complexities of cybersecurity and future technologies. From Application Security to Threat Research, our seasoned professionals have cultivated expertise in every facet of the field. We've earned the trust of over 20 security platform companies, who count on our research and analysis to strengthen their cybersecurity solutions.
Interested to learn more? Let’s start a conversation.
IN-HOUSE EXPERTISE
Get practical solutions to real-world challenges, straight from experts who conquered them.
View all our articles
