Flashpoint Integrations
Get the most out of your security investments by integrating Flashpoint into your workflow where it matters most.
Partner Integrations
Threat Intelligence Platforms (TIP)
Anomali | ThreatStream
Type: TIP
Anomali ThreatStream combines threat intelligence, big data management, and machine learning to provide security teams with tools and insights for rapid threat detection, analysis, and response.
The Anomali Threat Platform connects Flashpoint’s finished intelligence with existing security solutions so Anomali customers can gain visibility into industry-specific threats and threat actors.
Supported Datasets: Alerting, Compromised Credentials, Intelligence Reports, Technical Indicators, Vulnerabilities
Silobreaker
Type: TIP
Silobreaker aggregates and analyzes data from millions of sources across 17 languages to provide actionable insights for cyber threat intelligence, geopolitical risk assessment, and strategic decision-making.
Correlating Flashpoint’s data with Silobreaker’s surface web sources and powerful analytical tools gives customers the visibility and context needed to assess trends and efficiently combat threats to their operations.
Supported Datasets: Card Fraud, Communities, Compromised Credentials, Intelligence Reports, Marketplaces
ThreatConnect
Type: TIP
ThreatConnect enables organizations to aggregate, analyze, and operationalize threat data for enhanced security and risk management.
Flashpoint complements ThreatConnect with intelligence reports and Indicators of Compromise (IoCs) so customers can associate incidents with indicators and gain helpful context like MITRE ATT&CK tags and scoring.
Supported Datasets: Intelligence Reports, Technical Indicators, Vulnerabilities
ThreatQuotient | ThreatQ
Type: TIP
ThreatQ combines, normalizes, and contextualizes threat data from external and internal sources into a Threat library used across the organization.
The ThreatQ and Flashpoint integration offers access to an extensive range of datasets to provide a “state of the threat” landscape to assist security personnel in developing and prioritizing intelligence on emerging threats.
Supported Datasets: Alerting, Card Fraud, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Media, Technical Indicators, Vulnerabilities
EclecticIQ
Type: TIP
With EclecticIQ and Flashpoint, teams use a set of workflows in a collaborative workplace to focus, triage, analyze, collaborate, and act decisively on the right course of action.
Supported Datasets: Communities, Intelligence Reports, Marketplaces, Technical Indicators
Cyware CTIX
Type: TIP
Cyware CTIX provides a comprehensive platform for threat intelligence management, security orchestration and automation, and collaborative threat response, enabling organizations to build cyber fusion centers and enhance their overall security posture.
The Cyware CTIX Flashpoint integration provides critical external threat insight for security teams of all sizes and maturities in a centralized location to more quickly and efficiently identify and respond to emerging threats targeting their organizations.
Supported Datasets: Intelligence Reports, Technical Indicators, Vulnerabilities
Analyst1
Type: TIP
Analyst1 is a threat intelligence platform designed to enhance cybersecurity by streamlining the processes of threat detection, analysis, and response.
Analysts can leverage the Analyst1 and Flashpoint integration to access comprehensive threat intelligence, query indicators across multiple datasets, perform enhanced threat analysis and hunting, and gain real-time context for faster triage and more informed decision-making within their existing workflows.
Supported Datasets: Intelligence Reports
Security Orchestration, Automation, and Response (SOAR)
Cortex XSOAR
Type: SOAR
Cortex XSOAR unifies case management, automation, real-time collaboration, and threat intelligence management to help security teams improve efficiency and standardize incident response processes.
XSOAR users can access and integrate Flashpoint’s data and finished intelligence with their existing workflows and automated tools to enhance their threat intelligence capabilities and streamline incident response processes.
Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators, Vulnerabilities
ServiceNow
Type: SOAR
ServiceNow is a cloud-based workflow automation platform that enhances operational efficiencies across enterprise organizations by streamlining and automating various business functions.
ServiceNow users can access and integrate Flashpoint’s data and finished intelligence with their existing workflows and automated tools to enhance their threat intelligence capabilities and streamline incident response processes.
Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators, Vulnerabilities
Splunk | Phantom
Type: SOAR
Splunk Phantom integrates with over 300 security tools to automate repetitive tasks, streamline incident response workflows, and enable security teams to investigate and remediate threats more quickly and efficiently.
The Flashpoint Splunk Phantom integration facilitates easy access to Flashpoint data and intelligence with associated context specifically for Splunk Phantom users. Flashpoint datasets enrich internal data, assisting security teams to automate tasks, orchestrate workflows, and support a broad range of SOC functions.
Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators
Security Information and Event Management (SIEM)
IBM QRadar
Type: SIEM
IBM QRadar collects and analyzes log data, and network flows across an organization’s IT infrastructure to detect, prioritize, and respond to security threats in real time.
With the ‘Flashpoint for QRadar’ app, QRadar customers have visibility into illicit online communities to correlate information related to their infrastructure and can be notified when indicators from internal log data match with Flashpoint intelligence.
Supported Datasets: Intelligence Reports, Technical Indicators
Splunk
Type: SIEM
Splunk is a data platform that enables organizations to collect, search, analyze, and visualize machine-generated data.
With the Flashpoint Splunk app and add-on, Splunk users are notified when internal log data indicators correspond with Flashpoint intelligence, enabling them to prioritize their response.
Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators, Vulnerabilities
Analysis and Investigations
Maltego
Type: Analysis
Maltego is an investigation platform that accelerates complex cyber investigations by enabling users to gather, analyze, and visualize data from diverse sources to uncover relationships and patterns between entities like domains, IP addresses, and social media profiles.
With Flashpoint’s Maltego Transforms, investigators can incorporate Flashpoint data into Maltego workflows to obtain actionable intelligence, mitigate risk, and combat threats and adversaries.
Supported Datasets: Alerting, Communities, Compromised Credentials, Intelligence Reports, Marketplaces, Technical Indicators
Polarity
Type: Analysis
Polarity is a free-floating overlay platform that automatically searches unlimited sources in parallel to augment data and information from existing applications, accelerating analysis by enriching every tool and workflow.
Polarity users can leverage the Flashpoint integration for threat analysis, threat hunting, and malware analysis by correlating information from Flashpoint.
Polarity users can leverage Flashpoint data for real-time context and insights on indicators like IP addresses, domains, file hashes, and CVEs within their existing workflows, enabling faster triage and more informed decision-making.
Supported Datasets: Intelligence Reports, Technical Indicators, Vulnerabilities
Vertex Project | Synapse Enterprise
Type: Analysis
Synapse is a comprehensive central intelligence and analysis system that supports analyst teams throughout the intelligence lifecycle.
This integration merges Flashpoint’s threat intelligence with Vertex’s data analytics platform so users can gain deeper insights into threats.
Supported Datasets: Communities, Marketplaces, Technical Indicators
Ontic
Type: Investigation
Ontic is a protective intelligence software provider that helps organizations identify, investigate, assess, and manage physical security threats.
With the integration of Flashpoint Alerting, Ontic customers can augment their data to get a full picture of potential physical and cyber threats.
Supported Datasets: Alerting
Blockchain Intelligence
TRM Labs
Type: Blockchain Intelligence
TRM Labs provides blockchain intelligence to help government agencies investigate and build cases for digital asset fraud and financial crime.
Investigators using TRM Forensics can access real-time and historical information from Flashpoint’s illicit communities and marketplaces.
Customers with access to Flashpoint Ignite can seamlessly pivot into Ignite directly from Forensics, unlocking deeper insights and investigative pathways.
Supported Datasets: Communities, Marketplaces
Product Integrations
Slack
Flashpoint customers can receive alerts from the Ignite platform within Slack for rapid visibility and streamlined workflows.
MISP
Flashpoint’s Technical Indicators API provides MISP endpoints to support integrations to automate information sharing.
STIX TAXII
Flashpoint’s Technical Indicators API provides STIX/TAXII 2.1 endpoints to support integrations to automate information sharing.
Dataset Descriptions
Alerting: Email alerts that match a user’s area of concern such as leaked assets, organizational risks, or industry-related threats.
Card Fraud: Visibility into exposed card data within illicit card shops and threat actor communities provides insight into cybercriminal tactics so organizations can detect, prevent, and respond to fraud-related threats.
Communities: Discussions from illicit threat actor communities operating in chat services, forums, blogs, and social media networks provide early warning signals to help organizations stay ahead of attacks.
Compromised Credentials: Database of over 48 billion stolen and leaked credentials from open sources, illicit communities, marketplaces, and infostealer malware logs.
Marketplaces: Access to deep and dark web marketplaces helps users understand cyber threats, assess exposure, and potentially recover stolen data.
Intelligence Reports: Finished intelligence reports written by seasoned analysts provide expert insight into a broad spectrum of current and emerging threats, including fraud, malware, ransomware, violent extremism, and physical threats.
Technical Indicators: Indicators of compromise (IoCs) and technical data across Flashpoint datasets and those included in finished intelligence reports.
Vulnerabilities: Access to Flashpoint’s extensive vulnerability data enables effective prioritization to prevent or mitigate exposure.