Flashpoint Integrations

Anomali | ThreatStream

Type: TIP

Anomali ThreatStream combines threat intelligence, big data management, and machine learning to provide security teams with tools and insights for rapid threat detection, analysis, and response. 

The Anomali Threat Platform connects Flashpoint’s finished intelligence with existing security solutions so Anomali customers can gain visibility into industry-specific threats and threat actors.

Supported Datasets:  Alerting, Compromised Credentials, Intelligence Reports, Technical Indicators, Vulnerabilities

Silobreaker

Type: TIP

Silobreaker aggregates and analyzes data from millions of sources across 17 languages to provide actionable insights for cyber threat intelligence, geopolitical risk assessment, and strategic decision-making.

Correlating Flashpoint’s data with Silobreaker’s surface web sources and powerful analytical tools gives customers the visibility and context needed to assess trends and efficiently combat threats to their operations.

Supported Datasets: Card Fraud, Communities, Compromised Credentials, Intelligence Reports, Marketplaces

ThreatConnect

Type: TIP

ThreatConnect enables organizations to aggregate, analyze, and operationalize threat data for enhanced security and risk management. 

Flashpoint complements ThreatConnect with intelligence reports and Indicators of Compromise (IoCs) so customers can associate incidents with indicators and gain helpful context like MITRE ATT&CK tags and scoring.

Supported Datasets:  Intelligence Reports, Technical Indicators, Vulnerabilities

ThreatQuotient | ThreatQ

Type: TIP

ThreatQ combines, normalizes, and contextualizes threat data from external and internal sources into a Threat library used across the organization.

The ThreatQ and Flashpoint integration offers access to an extensive range of datasets to provide a “state of the threat” landscape to assist security personnel in developing and prioritizing intelligence on emerging threats.

Supported Datasets: Alerting, Card Fraud, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Media, Technical Indicators, Vulnerabilities

EclecticIQ

Type: TIP

With EclecticIQ and Flashpoint, teams use a set of workflows in a collaborative workplace to focus, triage, analyze, collaborate, and act decisively on the right course of action.

Supported Datasets: Communities, Intelligence Reports, Marketplaces, Technical Indicators

Cyware CTIX

Type: TIP

Cyware CTIX provides a comprehensive platform for threat intelligence management, security orchestration and automation, and collaborative threat response, enabling organizations to build cyber fusion centers and enhance their overall security posture.

The Cyware CTIX Flashpoint integration provides critical external threat insight for security teams of all sizes and maturities in a centralized location to more quickly and efficiently identify and respond to emerging threats targeting their organizations.

Supported Datasets: Intelligence Reports, Technical Indicators

Analyst1

Type: TIP

Analyst1 is a threat intelligence platform designed to enhance cybersecurity by streamlining the processes of threat detection, analysis, and response.

Analysts can leverage the Analyst1 and Flashpoint integration to access comprehensive threat intelligence, query indicators across multiple datasets, perform enhanced threat analysis and hunting, and gain real-time context for faster triage and more informed decision-making within their existing workflows.

Supported Datasets: Intelligence Reports

Cortex XSOAR

Type: SOAR

Cortex XSOAR unifies case management, automation, real-time collaboration, and threat intelligence management to help security teams improve efficiency and standardize incident response processes. 

XSOAR users can access and integrate Flashpoint’s data and finished intelligence with their existing workflows and automated tools to enhance their threat intelligence capabilities and streamline incident response processes.

Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators, Vulnerabilities

ServiceNow

Type: SOAR

ServiceNow is a cloud-based workflow automation platform that enhances operational efficiencies across enterprise organizations by streamlining and automating various business functions. 

ServiceNow users can access and integrate Flashpoint’s data and finished intelligence with their existing workflows and automated tools to enhance their threat intelligence capabilities and streamline incident response processes.

Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators, Vulnerabilities

Splunk | Phantom

Type: SOAR

Splunk Phantom integrates with over 300 security tools to automate repetitive tasks, streamline incident response workflows, and enable security teams to investigate and remediate threats more quickly and efficiently.

The Flashpoint Splunk Phantom integration facilitates easy access to Flashpoint data and intelligence with associated context specifically for Splunk Phantom users. Flashpoint datasets enrich internal data, assisting security teams to automate tasks, orchestrate workflows, and support a broad range of SOC functions.

Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators

IBM QRadar

Type: SIEM

IBM QRadar collects and analyzes log data, and network flows across an organization’s IT infrastructure to detect, prioritize, and respond to security threats in real time.

With the ‘Flashpoint for QRadar’ app, QRadar customers have visibility into illicit online communities to correlate information related to their infrastructure and can be notified when indicators from internal log data match with Flashpoint intelligence.

Supported Datasets: Intelligence Reports, Technical Indicators

Splunk

Type: SIEM

Splunk is a data platform that enables organizations to collect, search, analyze, and visualize machine-generated data. 

With the Flashpoint Splunk app and add-on, Splunk users are notified when internal log data indicators correspond with Flashpoint intelligence, enabling them to prioritize their response.

Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators, Vulnerabilities

Maltego

Type: Analysis

Maltego is an investigation platform that accelerates complex cyber investigations by enabling users to gather, analyze, and visualize data from diverse sources to uncover relationships and patterns between entities like domains, IP addresses, and social media profiles.

With Flashpoint’s Maltego Transforms, investigators can incorporate Flashpoint data into Maltego workflows to obtain actionable intelligence, mitigate risk, and combat threats and adversaries.

Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators

Polarity

Type: Analysis

Polarity is a free-floating overlay platform that automatically searches unlimited sources in parallel to augment data and information from existing applications, accelerating analysis by enriching every tool and workflow.

Polarity users can leverage the Flashpoint integration for threat analysis, threat hunting, and malware analysis by correlating information from Flashpoint. 

Polarity users can leverage Flashpoint data for real-time context and insights on indicators like IP addresses, domains, file hashes, and CVEs within their existing workflows, enabling faster triage and more informed decision-making.

Supported Datasets: Intelligence Reports, Technical Indicators, Vulnerabilities

Vertex Project | Synapse Enterprise

Type: Analysis

Synapse is a comprehensive central intelligence and analysis system that supports analyst teams throughout the intelligence lifecycle.

This integration merges Flashpoint’s threat intelligence with Vertex’s data analytics platform so users can gain deeper insights into threats.

Supported Datasets: Communities, Marketplaces, Technical Indicators

Ontic

Type: Investigation

Ontic is a protective intelligence software provider that helps organizations identify, investigate, assess, and manage physical security threats.

With the integration of Flashpoint Alerting, Ontic customers can augment their data to get a full picture of potential physical and cyber threats.

Supported Datasets: Alerting

TRM Labs

Type: Blockchain Intelligence

TRM Labs provides blockchain intelligence to help government agencies investigate and build cases for digital asset fraud and financial crime.

Investigators using TRM Forensics can access real-time and historical information from Flashpoint’s illicit communities and marketplaces.

Customers with access to Flashpoint Ignite can seamlessly pivot into Ignite directly from Forensics, unlocking deeper insights and investigative pathways.

Supported Datasets: Communities, Marketplaces

Slack

Flashpoint customers can receive alerts from the Ignite platform within Slack for rapid visibility and streamlined workflows.

MISP

Flashpoint’s Technical Indicators API provides MISP endpoints to support integrations to automate information sharing.

STIX TAXII

Flashpoint’s Technical Indicators API provides STIX/TAXII 2.1 endpoints to support integrations to automate information sharing.