We use ThreatConnect Threat Intelligence Platform (TIP) alongside IBM QRadar as our SIEM and the Cortex XSOAR platform. This combination has significantly improved our detection and response workflows, helping us to automate workflows, enrich data, and handle risk scoring of indicators. It has helped us reduce false positives, and we have integrated our Threat Intel on the ThreatConnect Threat Intelligence Platform (TIP) via the STIX and TAXII APIs. The integration with QRadar, including automated enrichment and risk scoring, has changed our team's workflow. It has helped us improve the threat scoring of individual IOCs such as hashes, IPs, and URLs, which directly feed into the QRadar reference sets, and we are calling these references into our detection rules. The TTL has been dynamically applied over lookups, and QRadar stays up to date with dynamic Threat Intel, improving real-time detection with minimal manual overhead required. With real-time detection and minimal manual overhead, our workload has dropped by 90%. We now focus solely on true or threat-scored incidents.
We use ThreatConnect for our platform in the database to address the issues of threat attacks within the organization. It helps us look at solutions that can protect our data from being attacked. Additionally, it provides an alert mechanism to warn clients in case of internet attacks, focusing on data and information protection.
Manager, Product & Channel Development at Spire Solutions
Real User
Top 10
2024-06-07T07:20:45Z
Jun 7, 2024
ThreatConnect aggregates and operationalizes threat intelligence data and sources across internal client environments. It leverages automation and built-in case management to streamline and automate threat intelligence-driven processes and investigations within client environments.
Information Technology Security Specialist at LTIMindtree
Real User
Top 10
2023-11-27T09:21:01Z
Nov 27, 2023
The solution was used for publishing artefacts and threat intel data. We gathered data from the internet and uploaded it to the platform. It was integrated into every aspect of our cybersecurity network, like endpoints, SOC management, patch management, and vulnerability management tools.
Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees
Real User
2020-12-31T15:31:49Z
Dec 31, 2020
I was doing research on this product by implementing a proof of concept. It is used to help an operations team with the identification and resolution of threats in an automated, zero-touch fashion. Basically, it reduces the time to detect and repair any incident related to security. It is the security operations people or security engineers who use it.
Threat Intelligence Platforms provide comprehensive solutions for collecting, analyzing, and managing threat data. They enhance security teams' understanding and response capabilities, ensuring proactive defense against emerging threats. These platforms aggregate vast amounts of threat data from multiple sources, offering a centralized interface for organizations to manage and analyze security threats efficiently. By automating threat data collection and enhancing threat analysis, they enable...
I use it mainly for investigation. I have found it really useful to track and map threat actors. It can be used for balloting as well.
I use ThreatConnect to see what threats are coming in. I also use it to look at threats in the community.