Learn. Share. Secure. Access product knowledge, get certified, and collaborate with the global Securonix user community.
Join the discussion, ask questions, get solutions.
Discover product guides and helpful how-tos.
Join groups and collaborate with peers.
Stay up to date with our product team.
Share your ideas and suggestions with our team.
Discover and join upcoming events.
Explore Securonix solutions, products, and company insights
Access product guides, release notes, and technical documentation
Discover the ThreatQ threat intelligence platform and solutions
Find step-by-step guides, release notes, and troubleshooting resources
Discover and deploy integrations, extensions, and apps for the ThreatQ platform
Authors: Nitish Singh, Nikhil Kumar Chadha, and Tanmay Kumar Introduction: The Monthly Intelligence Insights report provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs in June 2026. The report also includes a s
Executive summary: Sysdig Threat Research reporting from July 2026 describes JADEPUFFER as an extortion operation in which an LLM-based agent appears to have performed many tactical intrusion steps after initial access: host discovery, credential col
CVE-2026-20245 matters as a control plane compromise that can lead to root access on Cisco Catalyst SD-WAN control components. The issue affects the CLI in Cisco Catalyst SD-WAN Controller, Manager, and Validator, which were formerly known as vSmart,
Currently, the Task Title field in the ThreatQ Create Tasks integration appears to only support static text.We would like to request support for dynamic attribute substitution in the Task Title, allowing attribute values from the associated object to
OverviewBetween March 30 and May 1, 2026, Cato CTRL researcher Vitaly Simonovich tracked a French-speaking cybercriminal known by the handle "Poisson" through every command of a 33-day intrusion operation. The result was 339 recorded commands, four c
TL;DRThe Gentlemen (operators tracked by Microsoft as Storm-2697) is a Russian-speaking, financially motivated ransomware-as-a-service operation that emerged mid-2025 from a Qilin affiliate split; its distinguishing feature is that operators centrall
FortiBleed should be treated as an edge-credential exposure event. If a FortiGate administrator or SSL VPN account is valid and exposed, an attacker may not need a new exploit. They may be able to log in directly. Public reporting describes a creden
Have a Product Idea? Help Shape the Future of Securonix Innovation at Securonix is driven by you — our customers and partners. Whether you’ve identified a gap, experienced a challenge, or have an idea for a new feature, we want to hear from you. We’
name: ErrTraffic ClickFix C2 API Endpoint Pattern Analyticsignatureid: PXY-WEB10-RUNcategory: 'Command and Control'threatname: 'Application Layer Protocol: Web Protocols'functionality: 'Web Proxy'description: | Detects outbound HTTP requests matchin
name: ErrTraffic ClickFix XOR-Decoded PowerShell Dropper Analyticsignatureid: WEL-PSH135-RUNcategory: 'Defense Evasion'threatname: 'Obfuscated Files or Information: Command Obfuscation'functionality: 'Microsoft Windows Powershell'description: | Dete
Did you know SAM understands Diamond Model Analysis? You can ask Sam to create a report on a violation, something that usually takes a LOT of time to do manually. While working a Violation, Ask Sam: Please prepare a diamond model analysisorFor this
Ability to Modify Alert Disposition After ClosureCurrently, if an alert is mistakenly closed as “True Positive” instead of “False Positive,” there is no option available to revert or modify the disposition after closure.Request:It would be very helpf
Greetings,I have an ask from a client to integrate CyberArk API instead of the syslog connector. Currently there is no OOTB parser for it. Would I have to get a cloud collector setup for it?Thank you,Martel
We are pulling data from FS-ISAC into ThreatQ as an event. The issue I am facing here is that we are unable to get the indicators (specifically bank account numbers and phone numbers) ingested into the platform as an indicator.We need to be able to i
Hello, We have recently onboarded Cloudflare audit logs and was instructed by a technician that we could also bring in Cloudflare WAF logs on the same data source. It has been enabled on the application, but we are not seeing the WAF logs. Has anyone
We noticed a log source searchable period has been showing "16hr in future - 91 days ago" for the past 4-5days. How do we fix this?
Is there a reporting feature on the HUB to be able to alert when disk space is filling up, when resources are in over use, or when there is an excessive amount of failures going to the UI?
I have a ton of open and closed sources feeding reports, vulnerabilities & CVE indicators into ThreatQ. Because “reports”, “vulnerabilities”, and “indicators” are all different threat libraries inside of ThreatQ, I’ve struggled to find a way to d
Currently, the RF IOC enrichment action provides only a limited set of attributes, such as risk score and malware verdict. Malware attribution, however, is not included in the enrichment results.Since we are paying for an RF license, we would like to
Where security professionals share intelligence and strengthen defense together
Learn More →
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.