ThreatSTOP is now a ThreatConnect partner, integrating our DNS and IP threat intelligence directly into ThreatConnect's market-leading Threat Intelligence (TIP) and Security Orchestration, Automation, and Response (SOAR) Platform.

ThreatSTOP aggregates threat intelligence from hundreds of sources to define custom policies that are loaded on firewalls and DNS servers to block malicious connections and DNS lookups. The “Active IOCs” integration between ThreatSTOP and ThreatConnect automates the import of IOCs from ThreatSTOP policies into the ThreatConnect TIP. This gives users the ability to:

  • Browse the IOCs in their current ThreatSTOP policies and view their metadata.
  • Leverage their ThreatSTOP Policies in ThreatConnect playbooks.



The integration allows users of both platforms to select one or multiple ThreatSTOP policies and import their IOCs into the ThreatConnect Platform. The IOCs are imported hourly as ThreatSTOP policies are updated.


Data Mapping

Targets are ThreatSTOP’s atomic building blocks for policies, typically grouping IOCs by the associated threat. Each IOC is imported with the following data:

  • Threat Type
  • Severity Level
  • Confidence Level
  • First and last dates seen

The date added and the date last modified are imported as well.

A ThreatConnect integration can be added within the ThreatSTOP console: 

ThreatSTOP console adding ThreatConnect


Once the integration is live, IOCs from ThreatSTOP will be visible in the ThreatConnect console as in this example:

ThreatConnect TIP Console IOCs

With a few clicks of the mouse, ThreatConnect and ThreatSTOP deliver a smooth, seamless integration. The end result is deep visibility into the threat landscape within the ThreatConnect Platform, powered by ThreatSTOP's operationalized threat intelligence.

You can get the full guide on integration here