Learn. Share. Secure. Access product knowledge, get certified, and collaborate with the global Securonix user community.
Currently, the RF IOC enrichment action provides only a limited set of attributes, such as risk score and malware verdict. Malware attribution, however, is not included in the enrichment results. Since we are paying for an RF license, we would like to
Canary Shares Canary shares are decoy network file shares strategically deployed across an enterprise environment to detect unauthorized network reconnaissance and lateral movement. These honeypot shares are configured with enticing names like "Finan
We are pulling data from FS-ISAC into ThreatQ as an event. The issue I am facing here is that we are unable to get the indicators (specifically bank account numbers and phone numbers) ingested into the platform as an indicator. We need to be able to i
Canary Files Canary files are decoy documents placed in strategic locations to detect unauthorized file access, data exfiltration attempts, or ransomware activity. Besides creating these files manually in your network, Blue Teams can use free online
A state-sponsored supply chain attack compromised Notepad++'s update infrastructure from June to December 2025 (Ampcus Cyber), enabling Chinese APT group Lotus Blossom (Securelist) (aka Billbug, Lotus Panda, Raspberry Typhoon) to deliver malicious payloa
Introduction Cyber deception is a proactive defense strategy that deploys decoy assets (canaries, honeypots, honeytokens) throughout your environment to detect adversary presence. Unlike traditional security tools that rely on signatures or known mal
The Interlock ransomware group has weaponized a gaming anti-cheat driver vulnerability (CVE-2025-61155) in a sophisticated BYOVD attack chain to disable endpoint security tools before encryption. This novel technique emerged in campaigns targeting he
The 2024 funding crisis exposed a fundamental truth: we've built critical infrastructure without critical infrastructure protection. CVE IDs are now the universal language of vulnerability management. Every major vendor uses them. Every scanner depend
Beyond patching for VMware vCenter Server's DCERPC protocol, I HIGHLY recommend incorporating Sysmon and Sysmon For Linux into any security stack. And here's why. From a Sysmon telemetry perspective, detecting exploitation attempts and post-compromis
Last year in October, phishing statistics show a tactical evolution with 40% of business-targeted phishing emails now AI-generated, producing perfectly personalized, grammatically flawless attacks that eliminate traditional detection markers. Attacke
During an undetermined number of executions of my playbook, it crashes. Is there a way to validate how many executions have been performed and whether they are causing instability in my service?
When a feed fails—or while developing a new feed—users often download Feed Run files to troubleshoot and understand what went wrong. Currently, these files are automatically zipped and password protected. This design helps prevent the files from being