by Ryan Trost | Feb 23, 2017 | Blog, Threat Intelligence
Aging Intelligence Tier II – Maturing Deprecation & Scoring
The next evolution of deprecation and scoring is developing several advanced “aging” algorithms. This provides analysts the next phase of control to be applied to their intelligence...
by Julian DeFronzo | Feb 13, 2017 | Blog, Corporate, Threat Intelligence
ThreatQ and Phantom: Injecting Contextual Threat Intel into Security Automation and Orchestration
The emergence of automation and orchestration tools in the security space has helped enhance security analyst and incident response workflows....
by Thomas Ashoff | Feb 2, 2017 | Blog, Corporate, Threat Intelligence
ThreatQ 3.0 Adheres to Einstein’s 3 Rules to Streamline Threat Operations
Einstein had three rules of work: 1) out of clutter find simplicity, 2) from discord find harmony, and 3) in the middle of difficulty lies opportunity. We worked by these...
by Mike Clark | Jan 25, 2017 | Blog, Cybersecurity, Threat Intelligence
Taking Action on GRIZZLY STEPPE Data with ThreatQ
In early October, the DHS’ NCCIC and the FBI released a Joint Analysis Report (JAR) detailing a campaign they attribute to Russia. The campaign target was the Democratic National Committee and is...
by Ryan Trost | Jan 10, 2017 | Blog, Threat Intelligence
Expiration
As each day passes, threat intelligence platforms are automatically absorbing hundreds, thousands, or potentially millions of indicators, forcing teams (…and vendors) to quickly define a threat data lifecycle or expiration strategy....
by Mike Clark | Jan 5, 2017 | Blog, Cybersecurity, Threat Intelligence
Investigating Spear phish Incidents with ThreatQ: Part 2
In part one of this article, we showed how to import a spear phish email into the ThreatQ platform, extract useful Indicators, and use an Operation to check the Splunk SIEM software to see...