Threat Intelligence Platform
Offer a reference bonus

Threat Intelligence Platform

ThreatConnect, Inc.


PitchAutomate the Collection of Intel From All Sources

Product features


With our Threat Intelligence Platform (TIP), centralize the aggregation and management of threat data no matter the source. Whether it’s Open Source data from OSINT Feeds, Blogs, or RSS Feeds; or indicators being sent from a threat intel feed provided by an ISAC or Premium Provider, we take that data and add additional context. Robust integrations with tools like your SIEM, EDR, and firewall pull internally generated logs into ThreatConnect for further enrichment. You’re provided with a place to organize and prioritize the data so you can then use it to drive actions inside and outside of the Platform. Agnostic and Extensible Integrations for Distributing Information to Other Security Tools
Intelligence collected within our Threat Intelligence Platform has the ability to dictate decisions being made across your technology stack. Send relevant and actionable insights from the TIP to other tools with our wide breadth of integrations and flexible Playbooks. Export Threat Intelligence Reports and share the information with other teams to help your organization stay up to date on relevant threats. Read more about how ThreatConnect helped a customer use relevant threat intelligence here. Dynamic Intel-driven Automation and Orchestration for Better Decision Making As additional context and associations are applied to an indicator, you are armed with intelligence that should influence decision making. But, indicators are dynamic and ever changing. And as they change, so should the processes tied to them. With ThreatConnect, intel-driven automation, orchestration, and response gives you the ability to adjust decisions on the fly based on the changes seen in the intelligence that is influencing the process. Your automated processes are made smarter with Playbooks that enable continuous dynamic decision-making. With ThreatConnect, you are able to centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness all in one place. Make your security operations and analysts more efficient, while providing real-time insights to security leaders to make better business decisions. With ThreatConnect’s intelligence-driven security operations platform, your team has the ability to leverage threat intelligence, automation, and orchestration directly from one platform. Automation or orchestration informed by threat intelligence makes your pre-existing technology investments and your entire security team — including security operations and incident response — more efficient and more effective. A complete solution, ThreatConnect enables you to gain visibility into threats and understand their relevance to your organization, as well as increase efficiency with automation, task management, and orchestration. With ThreatConnect, every member of your security team — including leadership — benefits from using the same platform. A centralized system of record, ThreatConnect can measure the effectiveness of your organization with cross-platform analytics and customizable dashboards.

Product Features

  • Open Source Feeds
  • Ingest Premium Feeds
  • Access to CAL™ Data
  • TAXII Server
  • ThreatConnect Intelligence Source
  • Custom Dashboards
  • Automated Email Import
  • Manage Incidents and Tasks
  • Create Threat Intelligence
  • Orchestration
  • Custom Indicator Types

Problems that the product solves

Risk or Leaks of confidential information

Risk of attacks by hackers

Risk of data loss or damage

Decentralized IT systems

High costs of IT personnel


Enhance Staff Productivity

Manage Risks

Testing Contact:

Characteristics (Threat Intelligence Platforms)

Own feed providers / feed prep analytics centers


Normalization, feed deduplication


Number of feed suppliers out of the box


CSV files


JSON files






STIX / TAXII Standards Support


Unstructured text data


The ability to enrich data from external sources (for example, WHOis, PassiveDNS, VirusTotal, etc.)


Connecting additional feed providers


Search for matches in SIEM events


Direct incident response through integration with third-party information security systems


Responding to incidents using complex algorithms (playbooks)


REST API Integration Capability


Manual adjustment of “weight” parameters for feed’s


Ability to build a graph of links between feed’s objects and internal artifacts


Transaction Features

Partner average discount

Deal protection

Average deal size

Average deal closing time

Competitive products

User features

Roles of Interested Employees

Chief Information Officer

Chief IT Security Officer

IT Security and Risk Management

Organizational Features

IT Security Department in company

Company branches in different countries