ThreatConnect

The Polarity - ThreatConnect integrations give users an immediate understanding of their threat landscape when looking at indicators. Polarity has two integrations with ThreatConnect: one that lets a user see threat information on indicators, and one that bulk submits indicators to ThreatConnect, enabling security analysts across teams to contribute and gain immediate awareness. Polarity - ThreatConnect provides context around indicators in ThreatConnect and enables users to link out to Playbooks and run them from the ThreatConnect UI. Polarity - ThreatConnect IOC Submission enables analysts to bulk submit IOCs to Threatstream.

ThreatConnect Solutions

Security Operations, Threat Hunting, Incident Response

Configuring ThreatConnect

This integration requires you to complete a few extra steps in order to use it.

To use the Polarity - ThreatConnect integrations, an instance URL, an Access ID, and an API Key are required.

Both the ThreatConnect and the IOC Submission integrations require the same configuration options.

Configuration Options

Indicator Types - IPs, Emails, Hashes, Domains

URL - The URL for your ThreatConnect server, which should include the scheme (i.e., http, https) and the port if required.

API Key - API Key for the provided user. To create an API key within ThreatConnect, navigate to settings and create a Polarity API account.

Access ID - Account identifier that is associated with the API Key. To find the Access ID within ThreatConnect, navigate to settings and create a Polarity API account.

Organization Search Blocklist - By default all organizations visible to the provided API User will be searched. This blocklist is a comma-delimited list of organizations you do not want searched. This option cannot be used in conjunction with the “Organization Search Allowlist” option.

Organization Search Allowlist - By default all organizations visible to the provided API User will be searched. This allowlist is a comma-delimited list of organizations you want to be searched (organizations not listed will not be searched). This option cannot be used in conjunction with the “Organization Search Blocklist” option.

Allow IOC Deletion - If selected, analysts running the IOC Submission integration can delete indicators from Threatstream.
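
The sketch below is an added example, not code from Polarity or ThreatConnect. It checks the options described above before they are saved and works out which organizations would be searched. The option key names (`url`, `accessId`, `apiKey`, `blocklist`, `allowlist`), the case-insensitive name matching, and the sample values are assumptions.

```javascript
// Added example: option keys are hypothetical, not the integration's own names.

// Split a comma-delimited option value into trimmed, non-empty names.
function parseOrgList(value) {
  return (value || '')
    .split(',')
    .map((name) => name.trim())
    .filter((name) => name.length > 0);
}

// Return a list of configuration errors (an empty list means the options are usable).
function validateOptions(options) {
  const errors = [];
  let parsed = null;
  try {
    parsed = new URL(options.url);
  } catch (err) {
    errors.push('URL must include the scheme, e.g. https://host:port');
  }
  // "host:8443" without a scheme can parse with "host:" as the protocol, so check it.
  if (parsed && !['http:', 'https:'].includes(parsed.protocol)) {
    errors.push('URL scheme must be http or https');
  }
  if (!options.accessId || !options.accessId.trim()) errors.push('Access ID is required');
  if (!options.apiKey || !options.apiKey.trim()) errors.push('API Key is required');
  if (parseOrgList(options.blocklist).length && parseOrgList(options.allowlist).length) {
    errors.push('Organization Search Blocklist and Allowlist cannot be used together');
  }
  return errors;
}

// Decide which organizations visible to the API user are searched.
// Assumption: names are compared case-insensitively after trimming.
function organizationsToSearch(visibleOrgs, options) {
  const lower = (names) => new Set(names.map((n) => n.toLowerCase()));
  const block = lower(parseOrgList(options.blocklist));
  const allow = lower(parseOrgList(options.allowlist));
  if (block.size && allow.size) {
    throw new Error('Blocklist and Allowlist cannot be used together');
  }
  if (allow.size) return visibleOrgs.filter((o) => allow.has(o.toLowerCase()));
  if (block.size) return visibleOrgs.filter((o) => !block.has(o.toLowerCase()));
  return visibleOrgs.slice(); // default: every visible organization is searched
}
```

With neither list set, every visible organization is returned, matching the default described above.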