name: Axios Supply Chain Node Spawning curl Download of Python Script to tmp Analytic
category: 'Execution'
threatname: 'Command and Scripting Interpreter: Python'
functionality: 'Endpoint Management Systems'
description: | Detects Node.js or npm proces

name: Axios Supply Chain Anomalous IE8 User Agent with npm Registry POST Body Mimicry Analytic
category: 'Command and Control'
threatname: 'Application Layer Protocol: Web Protocols'
functionality: 'Web Proxy'
description: | Detects the C2 beacon patter

name: Axios Supply Chain Renamed PowerShell Executing from ProgramData Analytic
category: 'Defense Evasion'
threatname: 'Masquerading: Rename System Utilities'
functionality: 'Endpoint Management Systems'
description: | Detects a Windows Terminal proces

name: Axios Supply Chain - npm Lifecycle Hook Spawning VBScript Dropper Analytic
category: 'Execution'
threatname: 'Command and Scripting Interpreter: Visual Basic'
functionality: 'Endpoint Management Systems'
description: | Detects npm or Node.js proce

name: Masqueraded MSBuild Execution from Windows Startup Folder Analytic
signatureid: TELNYX2
category: 'Persistence'
threatname: 'Boot or Logon Autostart Execution: Startup Folder'
functionality: 'Endpoint Management Systems'
description: | Detects exec

name: TeamPCP Archived Credential Exfiltration via HTTP POST Analytic
signatureid: PXY-TELNYX1
category: 'Exfiltration'
threatname: 'Exfiltration Over C2 Channel'
functionality: 'Web Proxy'
description: | Detects HTTP POST requests containing the X-Filenam

Campaign: TeamPCP — Telnyx PyPI Supply Chain Compromise
Samples: hangup.wav (Windows steganographic carrier), linux_payload.py (decoded _p credential harvester)
What Happened...
On March 27, 2026, the threat actor group TeamPCP published two trojanized
I have a ton of open and closed sources feeding reports, vulnerabilities & CVE indicators into ThreatQ. Because “reports”, “vulnerabilities”, and “indicators” are all different threat libraries inside of ThreatQ, I’ve struggled to find a way to d
Audience: Security Analysts, SOC Leads, Architects, MSSPs
Product Module: Threat Analytics / Detection Engineering
Last Updated: March 23, 2026
KB ID: KB-20260323-sta-preview
Tags: Securonix, Threat Analytics, SIEM, Microsoft Sentinel, Risk Scoring, Dete
Here’s what happened... While browsing a legitimate Formula 1 news site, a programmatic ad creative hijacks your browser session and redirects to a sophisticated social engineering operation impersonating McAfee. The attack chain traversed multiple su
We noticed a log source searchable period has been showing "16hr in future - 91 days ago" for the past 4-5 days. How do we fix this?
Currently, the RF IOC enrichment action provides only a limited set of attributes, such as risk score and malware verdict. Malware attribution, however, is not included in the enrichment results. Since we are paying for an RF license, we would like to
We are pulling data from FS-ISAC into ThreatQ as an event. The issue I am facing here is that we are unable to get the indicators (specifically bank account numbers and phone numbers) ingested into the platform as an indicator. We need to be able to i
During an undetermined number of executions of my playbook, it crashes. Is there a way to validate how many executions have been performed and whether they are causing instability in my service?
When a feed fails—or while developing a new feed—users often download Feed Run files to troubleshoot and understand what went wrong. Currently, these files are automatically zipped and password protected. This design helps prevent the files from being