https://knowledge.threatconnect.com/docs OverviewATT&CK® RQ Financial Impact, a feature powered by ThreatConnect Risk Quantifier (RQ), allows you to visualize the relative amount of potential financial loss from an attack that uses a particular MITRE ATT&CK® technique or set of techniques.Organization Administrators can customize the ATT&CK RQ Financial Impact calculation by applying their company’s firmographics, such as industry sector and gross revenue. Within the ATT&CK Visualizer, you can apply the Financial Impact overlay to stan ... Fri, 17 Apr 2026 14:21:30 GMT ThreatConnect Platform > Threat Intelligence > ATT&CK Visualizer https://knowledge.threatconnect.com/docs/attack-rq-financial-impact https://knowledge.threatconnect.com/docs/attack-rq-financial-impact Polarity Command CenterGeminiFor Google Gemini models use the following configuration:LLM ProviderSelect Gemini as the ProviderLLM ModelSelect your LLM Model from the Dropdown.  API keyAdd your Gemini API KeySave your settings and click on the “Test AI Configuration” button to ensure your settings work.OpenAI ModelsFor models hosted by OpenAI use the following configuration:LLM ProviderSelect OpenAI as the ProviderLLM ModelSelect your LLM Model from the Dropdown.  API keyAdd your OpenAI API KeyB ... Fri, 17 Apr 2026 12:56:00 GMT Polarity > Polarity Administrators Guide > Polarity Server v5 https://knowledge.threatconnect.com/docs/configure-command-center-ai https://knowledge.threatconnect.com/docs/configure-command-center-ai Overview The CAL™ Global Threat Score provides a globally informed, baseline reputation score for Indicators in ThreatConnect® and Polarity by analyzing aggregated and anonymized intelligence from across the broader security community. This article explains the following: What the CAL Global Threat Score represents How the CAL Global Threat Score is derived at a conceptual level Why this scoring system is designed to be trustworthy and resilient How analysts should use the CAL Global Threat Sc ... Sun, 12 Apr 2026 14:31:16 GMT ThreatConnect Platform > Threat Intelligence > CAL https://knowledge.threatconnect.com/docs/cal-global-threat-score https://knowledge.threatconnect.com/docs/cal-global-threat-score Overview The CAL™ Doc Analysis Service is an innovative, automated behind-the-scenes service that powers ThreatConnect® features to extract essential insights from natural-language sources, including reports, blogs, emails, and more. This service efficiently converts and classifies information into machine-readable formats that map to information models like MITRE ATLAS™, MITRE ATT&CK®, the North American Industry Classification System (NAICS), the National Vulnerability Database (NVD), and mor ... Sat, 11 Apr 2026 19:53:34 GMT ThreatConnect Platform > Threat Intelligence > CAL https://knowledge.threatconnect.com/docs/cal-doc-analysis-service https://knowledge.threatconnect.com/docs/cal-doc-analysis-service Important This article contains the current version of the ThreatConnect® release notes for version 7.12, including all currently available patches. The most recent version is 7.12.3. See the Maintenance Releases Changelog section for a list of updates made for patch versions after the 7.12.0 release. New Features and Functionality Threat Graph: Bulk Pivots and Enrichment In version 7.12 of ThreatConnect, you can now select multiple nodes in Threat Graph and pivot on or enrich those nodes i ... Wed, 08 Apr 2026 23:52:12 GMT Release Notes > ThreatConnect Platform Release Notes https://knowledge.threatconnect.com/docs/7-12-release-notes https://knowledge.threatconnect.com/docs/7-12-release-notes OverviewA ThreatConnect® Query Language (TQL) query expression includes a parameter name, an operator, and a value or list of values, and you can combine multiple query expressions using parentheses and AND/OR logic. This article provides a list of all TQL operators and parameters available in ThreatConnect. Note A value’s case sensitivity may depend on database deployment type, the operator being applied to it, or other factors. OperatorsTable 1 describes the ThreatConnect Query Language (TQL) ... Mon, 06 Apr 2026 21:25:45 GMT ThreatConnect Platform > Threat Intelligence > ThreatConnect Query Language (TQL) https://knowledge.threatconnect.com/docs/tql-operators-and-parameters https://knowledge.threatconnect.com/docs/tql-operators-and-parameters OverviewA ThreatConnect Query Language (TQL) query is constructed by using a parameter name, an operator, and a value or list of values, and you can combine multiple queries with parentheses and AND/OR logic. This article provides example TQL queries you can use in ThreatConnect. For a complete list of TQL operators and parameters you can use when constructing TQL queries, see TQL Operators and Parameters. Hint You may also view a list of TQL parameters for a given object type by sending an API ... Mon, 06 Apr 2026 21:18:53 GMT ThreatConnect Platform > Threat Intelligence > ThreatConnect Query Language (TQL) https://knowledge.threatconnect.com/docs/constructing-query-expressions https://knowledge.threatconnect.com/docs/constructing-query-expressions Important This article contains the current version of the ThreatConnect® release notes for version 7.11, including all currently available patches. The most recent version is 7.11.2-M0402R. See the “Maintenance Releases Changelog” section for a list of updates made for patch versions after the 7.11.0 release. New Features and Functionality ThreatConnect 7.11 takes the themes established in version 7.10 around standardization, streamlined user experience, and focus and builds upon them subst ... Mon, 06 Apr 2026 17:10:56 GMT Release Notes > ThreatConnect Platform Release Notes https://knowledge.threatconnect.com/docs/7-11-release-notes https://knowledge.threatconnect.com/docs/7-11-release-notes NoteThis guide applies to the Google Threat Intelligence app version 1.0.1.OverviewThe Google Threat Intelligence feed API service app ingests Collections via Threat Landscape and their associated Indicators of Compromise (IoCs) from Google® Threat Intelligence (Google TI) and creates corresponding objects in ThreatConnect® with select Google TI metadata:Reports are created as Report Groups in ThreatConnect. Where possible, ThreatConnect also adds ATT&CK Tags representing MITRE ATT&CK® technique ... Thu, 02 Apr 2026 21:28:42 GMT ThreatConnect Platform > Apps and Integrations > Premium Threat Intelligence Feed Integrations https://knowledge.threatconnect.com/docs/google-threat-intelligence-integration-user-guide https://knowledge.threatconnect.com/docs/google-threat-intelligence-integration-user-guide Software VersionThis guide applies to the Flashpoint Ignite Threat Intelligence Engine App version 1.0.5.OverviewThe Flashpoint Ignite Threat Intelligence Engine App in ThreatConnect® ingests Alerts, Attributes, Events, Reports, and Vulnerabilities from Flashpoint® Ignite and creates corresponding objects in ThreatConnect with select Flashpoint Ignite metadata:Alerts are created as Event Groups in ThreatConnect. Some Alerts have associated images that are created as Document Groups. Attributes a ... Sun, 29 Mar 2026 16:25:50 GMT ThreatConnect Platform > Apps and Integrations > Premium Threat Intelligence Feed Integrations https://knowledge.threatconnect.com/docs/flashpoint-ignite-threat-intelligence-engine-integration-user-guide https://knowledge.threatconnect.com/docs/flashpoint-ignite-threat-intelligence-engine-integration-user-guide OverviewThe ThreatConnect® search engine includes a bulk Indicator search feature that enables you to efficiently process and analyze large volumes of Indicator data from an uploaded file. The ThreatConnect search engine parses the file for Indicators and then searches for those Indicators across all your ThreatConnect owners, returning a results set of identified Indicators categorized as follows:Known Indicators: Indicators that exist in one of your owners.Unknown Indicators: Indicators that d ... Sun, 29 Mar 2026 15:37:50 GMT ThreatConnect Platform > Analyzing and Visualizing Your Data > Searching in ThreatConnect https://knowledge.threatconnect.com/docs/bulk-searching-indicators https://knowledge.threatconnect.com/docs/bulk-searching-indicators OverviewEach Indicator in ThreatConnect® has an Indicator Status that specifies whether the Indicator is active or inactive:Active: The Indicator is, or has the potential to be, an Indicator of Compromise (IOC) at the current time.Inactive: The Indicator is not currently an IOC, but is retained in ThreatConnect for recordkeeping purposes rather than being deleted. Inactive Indicators are not included in responses for requests to the ThreatConnect APIs.Knowledge of whether an Indicator is active ... Sun, 29 Mar 2026 05:00:23 GMT ThreatConnect Platform > Threat Intelligence https://knowledge.threatconnect.com/docs/indicator-status https://knowledge.threatconnect.com/docs/indicator-status OverviewThe Dataminr Cyber Pulse Limited feed unlocks the power of real-time alerting in ThreatConnect® by delivering Dataminr Pulse Cyber Alerts with Urgent and Flash severity levels directly into ThreatConnect every five minutes, creating corresponding objects with select Dataminr Pulse metadata and AI-powered context:Alerts are created as Event Groups in ThreatConnect. Intel Agent and Live Brief AI content from Dataminr Pulse are included as AI insights for the Event Group in ThreatConnect, w ... Sun, 29 Mar 2026 04:23:52 GMT ThreatConnect Platform > Threat Intelligence https://knowledge.threatconnect.com/docs/dataminr-cyber-pulse-limited-feed https://knowledge.threatconnect.com/docs/dataminr-cyber-pulse-limited-feed Given:A Linux ServerAccess to install standard software from repositoriesA valid Polarity LicenseThe Polarity Server install scriptProcedure:Enterprise Linux variantsDebian Linux variantsInstall prerequisite software:Includes the following software:epel-releasepodmanpodman-composejqpostgresqlwgetcontainer-selinuxpolicycoreutils-python-utilspython3-dotenvCommands:# Install and update the EPEL repository sudo dnf install epel-release -y sudo dnf update -y # Ensure PostgreSQL module version is up ... Thu, 26 Mar 2026 21:46:13 GMT Polarity > Polarity Administrators Guide > Polarity Server v5 > Installing Polarity Server v5 https://knowledge.threatconnect.com/docs/polarity-server-v5-fresh-install-podman https://knowledge.threatconnect.com/docs/polarity-server-v5-fresh-install-podman Options to get Polarity version 5Polarity Server version 5 is available by the following methods:Fresh Install on a New Docker ServerThis is the standard installation for Polarity Server v5.Requires Docker.Assumes Docker service is running with root privileges.Fresh Install on a New Podman ServerRequires Podman.Assumes Podman service is running without root privileges (ie. in user space).Assumes installation user may use sudo privileges.Upgrade from Polarity Server version 4Requires Docker.Assum ... Thu, 26 Mar 2026 21:46:01 GMT Polarity > Polarity Administrators Guide > Polarity Server v5 > Installing Polarity Server v5 https://knowledge.threatconnect.com/docs/polarity-installing-server-v5 https://knowledge.threatconnect.com/docs/polarity-installing-server-v5 OverviewDocument Parsing Import leverages the CAL™ Doc Analysis Service to parse an unstructured file or a text block to identify Groups with known aliases in CAL and Indicators and import them into ThreatConnect®. When parsing Groups, this import engine also extracts and imports explicit MITRE ATLAS™ techniques and tactics and MITRE ATT&CK® Enterprise techniques, sub-techniques, tactics, malware, tools, intrusion sets, and courses of action, as well as Common Vulnerabilities and Exposures (CVE® ... Thu, 26 Mar 2026 21:23:13 GMT ThreatConnect Platform > Threat Intelligence > Adding Data to ThreatConnect https://knowledge.threatconnect.com/docs/document-parsing-import https://knowledge.threatconnect.com/docs/document-parsing-import OverviewThe AI Exploited-Vulnerability Analyzer helps you prioritize time-sensitive reports on zero-day and exploited vulnerabilities in the CAL™ Automated Threat Library (ATL) Source in ThreatConnect® by identifying and labeling Report Groups on these topics with the Topic: Zero Day and Topic: Vulnerability Tags and providing a more specific and vulnerability-focused artificial intelligence (AI) summary for the Reports. In addition, the AI Exploited-Vulnerability Analyzer powers zero-day-specif ... Thu, 26 Mar 2026 16:51:35 GMT ThreatConnect Platform > Threat Intelligence > CAL https://knowledge.threatconnect.com/docs/ai-exploited-vulnerability-analyzer https://knowledge.threatconnect.com/docs/ai-exploited-vulnerability-analyzer OverviewThe MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework is a knowledge base that uses metadata codes to standardize and classify adversary goals (tactics) and offensive actions (techniques). ThreatConnect® leverages the MITRE ATT&CK® framework in various areas across the platform to optimize the way you use your threat intelligence to understand adversaries, automate workflows, and mitigate threats.Before You StartUser RolesTo view ATT&CK Tags, your user accou ... Tue, 24 Mar 2026 14:54:29 GMT ThreatConnect Platform > Threat Intelligence https://knowledge.threatconnect.com/docs/mitre-attack-ai-classification-in-threatconnect https://knowledge.threatconnect.com/docs/mitre-attack-ai-classification-in-threatconnect Table 1 provides all of the source blogs in the CAL Automated Threat Library Source, including the source URL and corresponding ThreatConnect Tag for each blog.Blog NameSource URLThreatConnect Tag360 Netlab Bloghttps://blog.netlab.360.comBlog: 360 Netlab BlogAnti-malware.ruhttps://www.anti-malware.ruBlog: Anti-malware.ruAustralian Cyber Security Centrehttps://www.cyber.gov.auBlog: Australian Cyber Security Centrebellingcathttps://www.bellingcat.comBlog: bellingcatBitdefenderhttps://www.bitdefend ... Tue, 24 Mar 2026 14:54:19 GMT ThreatConnect Platform > Threat Intelligence > CAL https://knowledge.threatconnect.com/docs/cal-automated-threat-library-atl-supported-blogs https://knowledge.threatconnect.com/docs/cal-automated-threat-library-atl-supported-blogs The CAL™ 3.15 release introduces improvements to the CAL Automated Threat Library (ATL) and expanded AI-based MITRE ATT&CK® classification coverage. These updates improve the quality of intelligence extracted from reports and expand the sources analysts can use for threat monitoring.CAL Automated Threat Library (ATL) UpdatesThe CAL Automated Threat Library Source has been significantly enhanced to improve the quality, reliability, and timeliness of threat intelligence derived from cybersecurity ... Tue, 24 Mar 2026 14:53:54 GMT Release Notes > CAL Release Notes https://knowledge.threatconnect.com/docs/cal-3-15-release-notes https://knowledge.threatconnect.com/docs/cal-3-15-release-notes