Did you know Sam can create an exhaustive cyber kill chain analysis for an incident for you? You can use the prompt below to kick it off - and then of course continue the conversation. Walk me through which stages of the Cyber Kill Chain this incide
name: Mini Shai-Hulud C2 and Exfiltration Infrastructure Connection Analytic
category: 'Command and Control'
threatname: 'Exfiltration Over Web Service'
functionality: 'Web Proxy'
description: |
  Detects outbound connections to infrastructure used by the

name: Mini Shai-Hulud Claude Code or VS Code Persistence Hook Injection Analytic
category: 'Persistence'
threatname: 'Event Triggered Execution: Installer Packages'
functionality: 'Endpoint Management Systems'
description: |
  Detects unauthorized modific

name: Mini Shai-Hulud gh-token-monitor Persistence Service Registration Analytic
category: 'Persistence'
threatname: 'Boot or Logon Autostart Execution: Systemd Service'
functionality: 'Endpoint Management Systems'
description: |
  Detects the installatio

name: Bun Runtime Spawned During npm Package Installation Analytic
category: 'Execution'
threatname: 'Command and Scripting Interpreter: JavaScript'
functionality: 'Endpoint Management Systems'
description: |
  Detects the Bun JavaScript runtime being sil

name: Mini Shai-Hulud Runner.Worker Memory Secret Extraction Analytic
category: 'Credential Access'
threatname: 'Unsecured Credentials: CI/CD Object Credentials'
functionality: 'Endpoint Management Systems'
description: |
  Detects the secret extraction g
In Frank Herbert's Dune, a Shai-Hulud is a sandworm: a massive, blind, consuming creature that moves beneath the surface, swallowing everything in its path. It is an apt name for what security researchers discovered on May 11, 2026, buried inside som
In Part One, the argument was that AI is undergoing the same miniaturization arc that turned the 1980s brick phone into the supercomputer in your pocket. Pocket-sized devices running 120-billion-parameter models offline. Photonic chips doing in light
Ability to Modify Alert Disposition After Closure
Currently, if an alert is mistakenly closed as “True Positive” instead of “False Positive,” there is no option available to revert or modify the disposition after closure.
Request: It would be very helpf
Greetings, I have an ask from a client to integrate CyberArk API instead of the syslog connector. Currently there is no OOTB parser for it. Would I have to get a cloud collector setup for it? Thank you, Martel
We are pulling data from FS-ISAC into ThreatQ as an event. The issue I am facing here is that we are unable to get the indicators (specifically bank account numbers and phone numbers) ingested into the platform as an indicator. We need to be able to i
Hello! I tried to register for a partner account and log in, but I was unsuccessful. I received a message that my account was blocked. I tried to recover my forgotten password, but I didn't receive an email requesting password recovery.
Hello, We have recently onboarded Cloudflare audit logs and were instructed by a technician that we could also bring in Cloudflare WAF logs on the same data source. It has been enabled on the application, but we are not seeing the WAF logs. Has anyone
We noticed a log source searchable period has been showing "16hr in future - 91 days ago" for the past 4-5 days. How do we fix this?
Is there a reporting feature on the HUB to be able to alert when disk space is filling up, when resources are in over use, or when there is an excessive amount of failures going to the UI?
I have a ton of open and closed sources feeding reports, vulnerabilities & CVE indicators into ThreatQ. Because “reports”, “vulnerabilities”, and “indicators” are all different threat libraries inside of ThreatQ, I’ve struggled to find a way to d
Currently, the RF IOC enrichment action provides only a limited set of attributes, such as risk score and malware verdict. Malware attribution, however, is not included in the enrichment results. Since we are paying for an RF license, we would like to
During an undetermined number of executions of my playbook, it crashes. Is there a way to validate how many executions have been performed and whether they are causing instability in my service?