The ThreatConnect Platform was specifically designed to help users understand adversaries, automate workflows, and mitigate threats faster using threat intelligence.

By leveraging insights from illicit online communities and other highly curated data sources, Flashpoint delivers Business Risk Intelligence (BRI) to help multiple teams across an organization bolster cybersecurity, confront fraud, detect insider threats, enhance corporate and physical security, improve executive protection, address third-party risk, and support due diligence efforts.

The ThreatConnect Platform provides a central place for users to visualize and analyze internal data, as well as integrate it into internal security tools. By utilizing Flashpoint datasets, the solution delivers greater visibility into threats, empowering experienced and entry-level users alike with the context they need to make better decisions about risk and threats.

The Flashpoint & ThreatConnect Advantage

This solution leverages data from illicit online communities safely to supplement investigations with targeted data from highly curated sources, making it available in a single platform. It also provides organizations with a strategic advantage when analyzing data, further insight into potential threats, and amplifies the power of their security infrastructure.

Key Features


ThreatConnect allows organizations to send threat intelligence to their tools (SIEMs, endpoint detection & response (EDR), network security management (NSM), intrusion detection systems (IDS) and intrusion prevention systems (IPS) as IOCs and rules. This includes the Flashpoint RIOs dataset, providing strategic insights into illicit online communities and threat actor TTPs from Flashpoint Finished Intelligence. Organizations can quickly see potential threats based on the provided context and MITRE ATT&CK mappings.


By aggregating and normalizing threat data from any source, ThreatConnect’s Collective Analytics Layer helps users gain visibility into who is attacking their organization, view how often indicators are observed, and evaluate how relevant they are. The Finished Intelligence Reports, RIOs, and Technical Indicators datasets provide additional context to these investigations, and enable network managers and intelligence teams to remediate and take relevant action to support their business operations.

Integrated Flashpoint Datasets


Finished Intelligence: Access to analytical reports produced by our intelligence analysts. Reports cover a wide spectrum of illicit underground activity, including crimeware, fraud, emerging malware, violent extremism, and physical threats.


Technical Indicators: Enable users access to indicators of compromise (IOCs) and technical data across Flashpoint datasets, including those found in Flashpoint Finished Intelligence reports, allowing for seamless integration into users’ workflows and automated tools.

Risk Intelligence Observables (RIOs): Flashpoint leverages its unique access to underground communities to collect and deliver a near real-time stream of cyber observables that can identify illicit activity from inside forums and file-sharing communities focused on cybercrime, hacking, fraud, and extremism/terrorism. These high-fidelity observables include IP addresses, locations (city/ country), hosting providers, timestamps, and user-agent strings.

Did this answer your question?