Flashpoint Integrations
Get the most out of your security investments by integrating Flashpoint into your workflow where it matters most.
Table Of Contents
Anomali | ThreatStream
Type: TIP
Anomali ThreatStream combines threat intelligence, big data management, and machine learning to provide security teams with tools and insights for rapid threat detection, analysis, and response.
The Anomali Threat Platform connects Flashpoint’s finished intelligence with existing security solutions so Anomali customers can gain visibility into industry-specific threats and threat actors.
Supported Datasets: Technical Indicators, Reports, Alerting, Compromised Credentials
Cortex XSOAR
Type: SOAR
Cortex XSOAR unifies case management, automation, real-time collaboration, and threat intelligence management to help security teams improve efficiency and standardize incident response processes.
XSOAR users can access and integrate Flashpoint’s data and finished intelligence with their existing workflows and automated tools to enhance their threat intelligence capabilities and streamline incident response processes.
Supported Datasets: Technical Indicators, Reports, Alerting, Sources, Vulnerabilities
Cyware
Type: SOAR
Cyware provides a comprehensive platform for threat intelligence management, security orchestration and automation, and collaborative threat response, enabling organizations to build cyber fusion centers and enhance their overall security posture.
The Cyware Flashpoint integration provides critical external threat insight for security teams of all sizes and maturities in a centralized location to more quickly and efficiently identify and respond to emerging threats targeting their organizations.
Supported Datasets: Technical Indicators, Reports, Sources, Compromised Credentials
IBM QRadar
Type: SIEM
IBM QRadar collects and analyzes log data, and network flows across an organization’s IT infrastructure to detect, prioritize, and respond to security threats in real time.
With the ‘Flashpoint for QRadar’ app, QRadar customers have visibility into illicit online communities to correlate information related to their infrastructure and can be notified when indicators from internal log data match with Flashpoint intelligence.
Supported Datasets: Technical Indicators, Reports
Maltego
Type: Analysis
Maltego is an investigation platform that accelerates complex cyber investigations by enabling users to gather, analyze, and visualize data from diverse sources to uncover relationships and patterns between entities like domains, IP addresses, and social media profiles.
With Flashpoint’s Maltego Transforms, investigators can incorporate Flashpoint data into Maltego workflows to obtain actionable intelligence, mitigate risk, and combat threats and adversaries.
Supported Datasets: Technical Indicators, Reports, Sources, Compromised Credentials, Alerting
Polarity
Type: Analysis
Polarity is a free-floating overlay platform that automatically searches unlimited sources in parallel to augment data and information from existing applications, accelerating analysis by enriching every tool and workflow.
Polarity users can leverage the Flashpoint integration for threat analysis, threat hunting, and malware analysis by correlating information from Flashpoint
Polarity users can leverage Flashpoint data for real-time context and insights on indicators like IP addresses, domains, file hashes, and CVEs directly within their existing workflows, enabling faster triage and more informed decision-making.
Supported Datasets: Technical Indicators, Reports, Vulnerabilities
ServiceNow
Type: SOAR
ServiceNow is a cloud-based workflow automation platform that enhances operational efficiencies across enterprise organizations by streamlining and automating various business functions.
ServiceNow users can access and integrate Flashpoint’s data and finished intelligence with their existing workflows and automated tools to enhance their threat intelligence capabilities and streamline incident response processes.
Supported Datasets: Technical Indicators, Reports, Sources, Alerting, Vulnerabilities
Silobreaker
Type: TIP
Silobreaker aggregates and analyzes data from millions of sources across 17 languages to provide actionable insights for cyber threat intelligence, geopolitical risk assessment, and strategic decision-making.
Correlating Flashpoint’s data with Silobreaker’s surface web sources and powerful analytical tools gives customers the visibility and context needed to efficiently assess trends and combat threats to their operations.
Supported Datasets: Card Fraud, Reports, Sources
Splunk
Type: SIEM
Splunk is a data platform that enables organizations to collect, search, analyze, and visualize machine-generated data.
With the Flashpoint Splunk app and add-on, Splunk users are notified when internal log data indicators correspond with Flashpoint intelligence, enabling them to prioritize their response.
Supported Datasets: Sources, Alerting, Compromised Credentials, Vulnerabilities
Splunk | Phantom
Type: SIEM/SOAR
Splunk Phantom integrates with over 300 security tools to automate repetitive tasks, streamline incident response workflows, and enable security teams to investigate and remediate threats more quickly and efficiently.
The Flashpoint Splunk Phantom integration facilitates easy access to Flashpoint data and intelligence with associated context specifically for Splunk Phantom users. Flashpoint datasets enrich internal data, assisting security teams to automate tasks, orchestrate workflows, and support a broad range of SOC functions.
Supported Datasets: Technical Indicators, Reports, Sources, Compromised Credentials, Alerting
ThreatConnect
Type: TIP
ThreatConnect enables organizations to aggregate, analyze, and operationalize threat data for enhanced security and risk management.
Flashpoint complements ThreatConnect with intelligence reports and Indicators of Compromise (IoCs) so customers can associate incidents with indicators and gain helpful context like MITRE ATT&CK tags and scoring.
Supported Datasets: Technical Indicators, Reports
ThreatQuotient | ThreatQ
Type: TIP
ThreatQ combines, normalizes, and contextualizes threat data from external and internal sources into a Threat library used across the organization.
The ThreatQ and Flashpoint integration offers access to an extensive range of datasets to provide a “state of the threat” landscape to assist security personnel in developing and prioritizing intelligence on emerging threats.
Supported Datasets: Technical Indicators, Card Fraud, Reports, Sources, Compromised Credentials, Alerting, Vulnerabilities
Vertex | Synapse
Type: Analysis
Vertex Synapse is a comprehensive central intelligence and analysis system that supports analyst teams throughout the intelligence lifecycle.
Flashpoint’s Vertex integration merges Flashpoint’s threat intelligence with Vertex’s data analytics platform so users can gain deeper insights into threats.
Supported Datasets: Sources, Technical Indicators, Reports
Technical Indicators: Indicators of compromise (IoCs) and technical data across Flashpoint datasets and those included in Finished Intelligence Reports.