https://knowledge.threatconnect.com/docs OverviewAs part of its Indicator enrichment feature, CAL™ leverages aggregated data from public safelists and a manually curated safelist maintained by the ThreatConnect ® CAL Team to identify non-malicious Indicators in ThreatConnect and Polarity. Indicators on the CAL safelist are labeled in ThreatConnect and Polarity, allowing you to quickly determine that they are benign, thereby reducing false positives and improving the efficiency of your threat intelligence operations. In addition, Indica ... Sat, 06 Jun 2026 22:31:19 GMT ThreatConnect Platform > Threat Intelligence > CAL https://knowledge.threatconnect.com/docs/cal-safelist-and-known-good-indicators https://knowledge.threatconnect.com/docs/cal-safelist-and-known-good-indicators ImportantThis article contains the current version of the ThreatConnect® release notes for version 8.0, including all currently available patches. The most recent version is 8.0.1. See the Maintenance Releases Changelog section for a list of updates made for patch versions after the 8.0 release.New Features and FunctionalityVersion 8.0 marks a significant milestone in ThreatConnect’s evolution. This release introduces the Agentic Threat Intelligence Platform—a reimagining of what a threat intell ... Sat, 06 Jun 2026 20:56:47 GMT Release Notes > ThreatConnect Platform Release Notes https://knowledge.threatconnect.com/docs/8-0-release-notes https://knowledge.threatconnect.com/docs/8-0-release-notes OverviewThe CAL™ Doc Analysis Service is an innovative, automated behind-the-scenes service that powers ThreatConnect® features to extract essential insights from natural-language sources, including reports, blogs, emails, and more. This service efficiently converts and classifies information into machine-readable formats that map to information models like MITRE ATLAS™, MITRE ATT&CK®, the North American Industry Classification System (NAICS), the National Vulnerability Database (NVD), and more, ... Mon, 01 Jun 2026 18:06:04 GMT ThreatConnect Platform > Threat Intelligence > CAL https://knowledge.threatconnect.com/docs/cal-doc-analysis-service https://knowledge.threatconnect.com/docs/cal-doc-analysis-service ImportantThis article contains the current version of the ThreatConnect® release notes for version 7.12, including all currently available patches. The most recent version is 7.12.3-M0528R. See the Maintenance Releases Changelog section for a list of updates made for patch versions after the 7.12.0 release.New Features and FunctionalityThreat Graph: Bulk Pivots and EnrichmentIn version 7.12 of ThreatConnect, you can now select multiple nodes in Threat Graph and pivot on or enrich those nodes in ... Fri, 29 May 2026 13:08:14 GMT Release Notes > ThreatConnect Platform Release Notes https://knowledge.threatconnect.com/docs/7-12-release-notes https://knowledge.threatconnect.com/docs/7-12-release-notes MITRE ATT&CK Enterprise v19MITRE ATT&CK® Enterprise is the industry-standard taxonomy of adversarial tactics, techniques, and procedures (TTPs) used by real-world threat actors. Through deep integration with this framework, CAL enriches and classifies threat intelligence at scale, providing analysts a structured, consistent foundation for identifying attack patterns, mapping adversary behavior, and prioritizing investigations across their intelligence workflows.CAL has been updated to MITRE ATT& ... Thu, 28 May 2026 19:42:30 GMT Release Notes > CAL Release Notes https://knowledge.threatconnect.com/docs/cal-3-15-4-release-notes https://knowledge.threatconnect.com/docs/cal-3-15-4-release-notes Polarity Web (UI) Wed, 20 May 2026 14:19:27 GMT Polarity > Polarity Release Notes https://knowledge.threatconnect.com/docs/polarity-web-v5 https://knowledge.threatconnect.com/docs/polarity-web-v5 Polarity Server V5.3.4 (Latest)The latest 5.3.3 release of the Polarity Server is a server side patch that addresses some identified vulnerabilities, adds in support for TLS connections to Redis and PostgreSQL, fixed an issue with integration functions being called out of order, added the ability to configure SMTP without having setting a username. Issues AddressedAddressed issue with integration functions sometimes being called before the startup function causing integrations to stop. Addressed ... Wed, 20 May 2026 14:19:04 GMT Polarity > Polarity Release Notes https://knowledge.threatconnect.com/docs/polarity-platform-v5 https://knowledge.threatconnect.com/docs/polarity-platform-v5 Can’t Connect to the Polarity ServerThings to CheckPolarity Server URLPolarity Server connection proxy settingsPolarity Server login methodPolarity Server credentialsThings to DoReview your onboarding emailContact your Polarity Server administratorIf your Polarity Server URL ends in “.polarity.io”, feel free to reach out to Polarity directly!If your Polarity Server URL does not end in “.polarity.io”, we do not have access to your Polarity Server. However, if you are unsure who your Polarity Ser ... Wed, 13 May 2026 20:08:55 GMT Polarity > Polarity Enterprise Users Guide https://knowledge.threatconnect.com/docs/troubleshooting-the-polarity-client https://knowledge.threatconnect.com/docs/troubleshooting-the-polarity-client Software VersionThis guide applies to the Recorded Future Intelligence Engine app version 1.0.x, which is deprecated. Click here to view Threat Intelligence Engine for Recorded Future Integration User Guide for version 2.0.x.OverviewThe ThreatConnect® integration with Recorded Future® ingests Domain, Hash, IP, URL, and Vulnerability Risk List entities, as well as Analyst Notes, from Recorded Future. After ingesting these data, the integration creates corresponding objects with select Recorded Fu ... Fri, 08 May 2026 20:14:08 GMT ThreatConnect Platform > Apps and Integrations > Premium Threat Intelligence Feed Integrations > Recorded Future https://knowledge.threatconnect.com/docs/recorded-future-intelligence-engine-integration-user-guide-version-1 https://knowledge.threatconnect.com/docs/recorded-future-intelligence-engine-integration-user-guide-version-1 NoteThis guide applies to the Threat Intelligence Engine for Recorded Future app version 2.0.12. Click here to view Recorded Future Intelligence Engine Integration Guide for version 1.0.x.OverviewThe Threat Intelligence Engine for Recorded Future feed API service app ingests Recorded Future® Risk List entities (Domain, Hash, IP, URL, and Vulnerability), Threat Map entities (Malware and Actor), Alert (Standard and Playbook) entities, and Analyst Notes and creates corresponding objects in ThreatCo ... Fri, 08 May 2026 17:36:06 GMT ThreatConnect Platform > Apps and Integrations > Premium Threat Intelligence Feed Integrations > Recorded Future https://knowledge.threatconnect.com/docs/threat-intelligence-engine-for-recorded-future-integration-user-guide https://knowledge.threatconnect.com/docs/threat-intelligence-engine-for-recorded-future-integration-user-guide NoteThis guide applies to the Microsoft Graph Security Threat Indicators app version 3.0.0.ImportantAll versions of the Microsoft Graph Security Threat Indicators job app prior to 3.0.0 are deprecated and do not function properly due to Microsoft®’s deprecation of the tiIndicator resource type and the associated APIs for creating Indicators in Microsoft Sentinel™ and Microsoft Defender™ for Endpoint environments. Version 3.0.0 requires a separate installation and supports only export of Indicato ... Thu, 07 May 2026 22:53:25 GMT ThreatConnect Platform > Apps and Integrations > IT Infrastructure Integrations https://knowledge.threatconnect.com/docs/microsoft-graph-security-threat-indicators-integration-user-guide https://knowledge.threatconnect.com/docs/microsoft-graph-security-threat-indicators-integration-user-guide NoteThis guide applies to the Dataminr Pulse Alerts Engine app version 2.0.5.OverviewThe Dataminr Pulse Alerts Engine feed API service app unlocks the power of real-time alerting in ThreatConnect® by ingesting Dataminr Pulse Cyber Alerts and converting them into actionable intelligence in ThreatConnect. The app ingests Cyber Alerts from Dataminr Pulse Alert Lists every 10 minutes and creates corresponding objects in ThreatConnect with select Dataminr Pulse metadata and AI-powered context:Alerts ... Thu, 07 May 2026 21:42:44 GMT ThreatConnect Platform > Apps and Integrations > Premium Threat Intelligence Feed Integrations https://knowledge.threatconnect.com/docs/dataminr-pulse-alerts-engine-integration-user-guide https://knowledge.threatconnect.com/docs/dataminr-pulse-alerts-engine-integration-user-guide OverviewIntelligence feeds are structured data pipelines for ingesting Indicators (e.g., IP addresses, domains, file hashes, URLs) and Groups that help users evaluate the distinct value and quality of various threat intelligence data.The Feed Explorer displays active and inactive open-source intelligence (OSINT) and CAL feeds on your ThreatConnect® instance, along with CAL™-derived metrics and a report card for each feed that compares its performance to aggregated data. System Administrators can ... Tue, 05 May 2026 22:37:32 GMT ThreatConnect Platform > Threat Intelligence https://knowledge.threatconnect.com/docs/the-feed-explorer https://knowledge.threatconnect.com/docs/the-feed-explorer OverviewSecurity labels allow you to designate the sensitivity of data in ThreatConnect®. You can leverage security labels to limit information shared across ThreatConnect owners, as well as filter on and query ThreatConnect data by sensitivity level.ExampleWhen copying Group data from one ThreatConnect owner to another, you can select security labels to include or exclude when determining which of the Group’s attributes, associated Groups, associated Indicators, and attributes of the associated ... Mon, 04 May 2026 12:25:31 GMT ThreatConnect Platform > Settings and Administration https://knowledge.threatconnect.com/docs/custom-security-labels https://knowledge.threatconnect.com/docs/custom-security-labels NoteThis guide applies to the Google Threat Intelligence app version 1.0.1.OverviewThe Google Threat Intelligence feed API service app ingests Collections via Threat Landscape and their associated Indicators of Compromise (IoCs) from Google® Threat Intelligence (Google TI) and creates corresponding objects in ThreatConnect® with select Google TI metadata:Reports are created as Report Groups in ThreatConnect. Where possible, ThreatConnect also adds ATT&CK Tags representing MITRE ATT&CK® technique ... Fri, 01 May 2026 19:30:52 GMT ThreatConnect Platform > Apps and Integrations > Premium Threat Intelligence Feed Integrations https://knowledge.threatconnect.com/docs/google-threat-intelligence-integration-user-guide https://knowledge.threatconnect.com/docs/google-threat-intelligence-integration-user-guide Admins can manage users and user groups by navigating to the Team page link link in the left navigation bar.Managing UsersAdding Team MembersTo add a team member click on the ADD TEAM MEMBER button on the top right. Team member can also be added by cloning an existing user (discussed further below).Steps add a team member:Set a usernameEnter the user's full nameProvide a valid email address for the userSet initial password for the userSet the user as an Admin User or Enable/Disable the account.C ... Fri, 01 May 2026 15:54:14 GMT Polarity > Polarity Enterprise Users Guide > Administrator Settings https://knowledge.threatconnect.com/docs/team-management https://knowledge.threatconnect.com/docs/team-management This guide provides step-by-step instructions to download and install the Polarity Offline Integration Store.PrerequisitesBefore you begin, ensure the following requirements are met:Operating System:Debian LinuxRed Hat LinuxPolarity Platform:Version 5 must already be installed on the machine.Step 1: Download the InstallerDownload the installer file from the link provided by Polarity Support.Step 2: Prepare the InstallerOpen a terminal window.Navigate to the directory where the installer file was ... Thu, 30 Apr 2026 22:21:18 GMT Polarity > Polarity Administrators Guide > Polarity Server v5 > Advanced Polarity Administration https://knowledge.threatconnect.com/docs/polarity-offline-integration-store https://knowledge.threatconnect.com/docs/polarity-offline-integration-store OverviewIndicator confidence deprecation is an automated process that lowers an Indicator’s Confidence Rating over time if the Confidence Rating is not being maintained through updates. When you configure a confidence deprecation rule for a given Indicator type, ThreatConnect will lower the Indicator’s Confidence Rating by a certain amount or percentage if the Confidence Rating has not changed during the specified time interval. If the Indicator’s Confidence Rating drops to 0, ThreatConnect will ... Wed, 29 Apr 2026 15:45:18 GMT ThreatConnect Platform > Settings and Administration > Indicator Confidence Deprecation https://knowledge.threatconnect.com/docs/indicator-confidence-deprecation https://knowledge.threatconnect.com/docs/indicator-confidence-deprecation OverviewThe Dataminr Cyber Pulse Limited feed unlocks the power of real-time alerting in ThreatConnect® by delivering Dataminr Pulse Cyber Alerts with Urgent and Flash severity levels directly into ThreatConnect every five minutes, creating corresponding objects with select Dataminr Pulse metadata and AI-powered context:Alerts are created as Event Groups in ThreatConnect. Intel Agent and Live Brief AI content from Dataminr Pulse are included as AI insights for the Event Group in ThreatConnect, w ... Tue, 28 Apr 2026 19:20:53 GMT ThreatConnect Platform > Threat Intelligence https://knowledge.threatconnect.com/docs/dataminr-cyber-pulse-limited-feed https://knowledge.threatconnect.com/docs/dataminr-cyber-pulse-limited-feed OverviewATT&CK® RQ Financial Impact, a feature powered by ThreatConnect Risk Quantifier (RQ), allows you to visualize the relative amount of potential financial loss from an attack that uses a particular MITRE ATT&CK® technique or set of techniques.Organization Administrators can customize the ATT&CK RQ Financial Impact calculation by applying their company’s firmographics, such as industry sector and gross revenue. Within the ATT&CK Visualizer, you can apply the Financial Impact overlay to stan ... Fri, 17 Apr 2026 14:21:30 GMT ThreatConnect Platform > Threat Intelligence > ATT&CK Visualizer https://knowledge.threatconnect.com/docs/attack-rq-financial-impact https://knowledge.threatconnect.com/docs/attack-rq-financial-impact