Community driven repository of Playbooks and Apps for ThreatConnect.

ThreatConnect Exchange App Framework

Cuckoo reporting module for version 1.2 stable

ThreatConnect Developer Documentation: https://docs.threatconnect.com/

ThreatConnect playbook checking if a URL has been archived in the wayback machine.

Sublime Text snippets for writing scripts in less than 60 seconds that use ThreatConnect's Python SDK.

A tool for publishing Abnormal email threat intelligence to ThreatConnect

Web app to calculate "indicators of compromise" confidence deprecation timelines (used with threat intel platforms such as ThreatConnect).

Sublime Text snippets for writing scripts that use ThreatConnect's TCEX module.

Helpful paradigms and constructs for creating effective and maintainable ThreatConnect Playbooks: https://pb-constructs.hightower.space/playbooks/

ThreatConnect playbook to read a Google Alerts RSS feed and create indicators from the links.

ThreatConnect Playbook app for reading the contents of a PDF.

ThreatConnect Exchange App Framework Templates

A script to create every available object in ThreatConnect.

Structured import for humans (written in JavaScript).

Cookiecutter template for quickly making quality spaces apps for ThreatConnect.

Cookiecutter template for quickly creating quality spaces apps for ThreatConnect.

Userscript for ThreatConnect - enhancements, and backing up config, follows data

Script utilities, programming snippets, and configs for using the ThreatConnect API, and analysis.

"Yet another ThreatConnect client" ("Yah-tzee"). A simple, barebones, CTI data-focused ThreatConnect API client.