Learn. Share. Secure. Access product knowledge, get certified, and collaborate with the global Securonix user community.
Have a Product Idea? Help Shape the Future of Securonix
Innovation at Securonix is driven by you — our customers and partners. Whether you’ve identified a gap, experienced a challenge, or have an idea for a new feature, we want to hear from you. We’
name: ErrTraffic ClickFix C2 API Endpoint Pattern Analytic
signatureid: PXY-WEB10-RUN
category: 'Command and Control'
threatname: 'Application Layer Protocol: Web Protocols'
functionality: 'Web Proxy'
description: |
  Detects outbound HTTP requests matchin
name: ErrTraffic ClickFix XOR-Decoded PowerShell Dropper Analytic
signatureid: WEL-PSH135-RUN
category: 'Defense Evasion'
threatname: 'Obfuscated Files or Information: Command Obfuscation'
functionality: 'Microsoft Windows Powershell'
description: |
  Dete
There's a particular kind of dread that sets in when two well-understood attacker techniques, each individually annoying but manageable, get packaged together into a single commercial product. That's exactly what's happened with ErrTraffic, a Malware
Audience: Administrators, Analysts, MSSPs, New Platform Users
Product Module: Training and Enablement
Last Updated: June 15, 2026
KB ID: KB-20260615-training-office-hours
Tags: training, office hours, enablement, zoom, learning sessions, IST, US office h
Authors: Dheeraj Kumar
Introduction
The Monthly Intelligence Insights report provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs in May 2026. The report also includes a synopsis of the threats, indicators of co
Securonix UDS Content Library
This catalog provides a central place for customers to discover dashboards available for Unified Data Source (UDS), with a focus on threat detection, investigation, operations, executive reporting, and compliance.
How to
name: Suspicious WMI QoS Policy Instance Creation Targeting Security Processes Analytic
signatureid: EDR-SYM933-RUN
category: 'Defense Evasion'
threatname: 'Impair Defenses: Disable or Modify Tools'
functionality: 'Endpoint Management Systems'
description
Published: June 10, 2026
Tags: Defense Evasion, EDR Bypass, Red Team, T1562.001, Windows Internals
Introduction
For years, the conversation around EDR bypass has centered on one of two approaches: kill the agent process outright, or cut its network acce
Audience: Securonix Administrators, Identity Administrators, MSSPs
Product Module: Administration → Settings → SAML Settings
Last Updated: February 27, 2026
KB ID: KB-20260227-uds-sso-login-failures
Tags: SAML, SSO, Azure AD, Okta, Authentication, Red
Did you know SAM understands Diamond Model Analysis? You can ask Sam to create a report on a violation, something that usually takes a LOT of time to do manually. While working a Violation, Ask Sam:
Please prepare a diamond model analysis
or
For this
Ability to Modify Alert Disposition After Closure
Currently, if an alert is mistakenly closed as “True Positive” instead of “False Positive,” there is no option available to revert or modify the disposition after closure.
Request:
It would be very helpf
Greetings,
I have an ask from a client to integrate CyberArk API instead of the syslog connector. Currently there is no OOTB parser for it. Would I have to get a cloud collector setup for it?
Thank you,
Martel
We are pulling data from FS-ISAC into ThreatQ as an event. The issue I am facing here is that we are unable to get the indicators (specifically bank account numbers and phone numbers) ingested into the platform as an indicator. We need to be able to i
Hello, We have recently onboarded Cloudflare audit logs and were instructed by a technician that we could also bring in Cloudflare WAF logs on the same data source. It has been enabled on the application, but we are not seeing the WAF logs. Has anyone
We noticed a log source searchable period has been showing "16hr in future - 91 days ago" for the past 4-5 days. How do we fix this?
Is there a reporting feature on the HUB to be able to alert when disk space is filling up, when resources are in over use, or when there is an excessive amount of failures going to the UI?
I have a ton of open and closed sources feeding reports, vulnerabilities & CVE indicators into ThreatQ. Because “reports”, “vulnerabilities”, and “indicators” are all different threat libraries inside of ThreatQ, I’ve struggled to find a way to d
Currently, the RF IOC enrichment action provides only a limited set of attributes, such as risk score and malware verdict. Malware attribution, however, is not included in the enrichment results. Since we are paying for an RF license, we would like to
During an undetermined number of executions of my playbook, it crashes. Is there a way to validate how many executions have been performed and whether they are causing instability in my service?