Designed by analysts but built for the entire team (security operations, threat intelligence, incident response and security leadership), ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. Centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness in one place. To learn more about our threat intelligence platform (TIP) or security orchestration, automation, and response (SOAR) solutions, visit www.ThreatConnect.com.
The ThreatConnect Activity Pack for ServiceNow Orchestration provides a set of activities that can be leveraged from ServiceNow Orchestration workflows to interact with ThreatConnect's API and Playbooks. These activities provide a broad set of functionality that can be used for automating Threat Intel and SOC/IR processes.
The following activities are available:
- Create ThreatConnect Incident
- Create ThreatConnect Indicator
- Get ThreatConnect Incident
- Get ThreatConnect Indicator
- Filter ThreatConnect Indicators
- ThreatConnect API Client
- Run ThreatConnect Playbook
10/11/22 - Minor update to better handle different indicator types with Create Indicator Activity.
06/29/22 - Minor update to fix issue adding metadata with the Create Indicator activity.
05/18/22 - Added San Diego Compatibility
12/30/21 - Added Rome Compatibility
Initial Release.
- ServiceNow® Orchestration.
- (Optional) MID Server if ThreatConnect is deployed on-premise.