Learn. Share. Secure. Access product knowledge, get certified, and collaborate with the global Securonix user community.
Join the discussion, ask questions, get solutions.
Discover product guides and helpful how-tos.
Join groups and collaborate with peers.
Stay up to date with our product team.
Share your ideas and suggestions with our team.
Discover and join upcoming events.
Explore Securonix solutions, products, and company insights
Access product guides, release notes, and technical documentation
Discover the ThreatQ threat intelligence platform and solutions
Find step-by-step guides, release notes, and troubleshooting resources
Discover and deploy integrations, extensions, and apps for the ThreatQ platform
Hello, We have recently onboarded Cloudflare audit logs and was instructed by a technician that we could also bring in Cloudflare WAF logs on the same data source. It has been enabled on the application, but we are not seeing the WAF logs. Has anyone
We noticed a log source searchable period has been showing "16hr in future - 91 days ago" for the past 4-5days. How do we fix this?
Is there a reporting feature on the HUB to be able to alert when disk space is filling up, when resources are in over use, or when there is an excessive amount of failures going to the UI?
name: Axios Supply Chain Node Spawning curl Download of Python Script to tmp Analyticcategory: 'Execution'threatname: 'Command and Scripting Interpreter: Python'functionality: 'Endpoint Management Systems'description: | Detects Node.js or npm proces
name: Axios Supply Chain Anomalous IE8 User Agent with npm Registry POST Body Mimicry Analyticcategory: 'Command and Control'threatname: 'Application Layer Protocol: Web Protocols'functionality: 'Web Proxy'description: | Detects the C2 beacon patter
name: Axios Supply Chain Renamed PowerShell Executing from ProgramData Analyticcategory: 'Defense Evasion'threatname: 'Masquerading: Rename System Utilities'functionality: 'Endpoint Management Systems'description: | Detects a Windows Terminal proces
name: Axios Supply Chain - npm Lifecycle Hook Spawning VBScript Dropper Analyticcategory: 'Execution'threatname: 'Command and Scripting Interpreter: Visual Basic'functionality: 'Endpoint Management Systems'description: | Detects npm or Node.js proce
name: Masqueraded MSBuild Execution from Windows Startup Folder Analyticsignatureid: TELNYX2category: 'Persistence'threatname: 'Boot or Logon Autostart Execution: Startup Folder'functionality: 'Endpoint Management Systems'description: | Detects exec
name: TeamPCP Archived Credential Exfiltration via HTTP POST Analyticsignatureid: PXY-TELNYX1category: 'Exfiltration'threatname: 'Exfiltration Over C2 Channel'functionality: 'Web Proxy'description: |Detects HTTP POST requests containing the X-Filenam
Campaign: TeamPCP — Telnyx PyPI Supply Chain CompromiseSamples: hangup.wav (Windows steganographic carrier), linux_payload.py (decoded _p credential harvester)What Happened...On March 27, 2026, the threat actor group TeamPCP published two trojanized
I have a ton of open and closed sources feeding reports, vulnerabilities & CVE indicators into ThreatQ. Because “reports”, “vulnerabilities”, and “indicators” are all different threat libraries inside of ThreatQ, I’ve struggled to find a way to d
Currently, the RF IOC enrichment action provides only a limited set of attributes, such as risk score and malware verdict. Malware attribution, however, is not included in the enrichment results.Since we are paying for an RF license, we would like to
We are pulling data from FS-ISAC into ThreatQ as an event. The issue I am facing here is that we are unable to get the indicators (specifically bank account numbers and phone numbers) ingested into the platform as an indicator.We need to be able to i
During an undetermined number of executions of my playbook, it crashes. Is there a way to validate how many executions have been performed and whether they are causing instability in my service?
When a feed fails—or while developing a new feed—users often download Feed Run files to troubleshoot and understand what went wrong.Currently, these files are automatically zipped and password protected. This design helps prevent the files from being
Where security professionals share intelligence and strengthen defense together
Learn More →
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
