{"id":18908989,"url":"https://github.com/bitdefender/bitdefender-threat-connect-integration-app","last_synced_at":"2026-03-19T07:04:32.379Z","repository":{"id":98862057,"uuid":"226891498","full_name":"bitdefender/Bitdefender-Threat-Connect-integration-app","owner":"bitdefender","description":null,"archived":false,"fork":false,"pushed_at":"2020-01-28T17:28:30.000Z","size":20043,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-01T09:04:33.901Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bitdefender.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-12-09T14:31:00.000Z","updated_at":"2020-01-28T17:28:32.000Z","dependencies_parsed_at":"2023-03-17T07:30:12.327Z","dependency_job_id":null,"html_url":"https://github.com/bitdefender/Bitdefender-Threat-Connect-integration-app","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bitdefender/Bitdefender-Threat-Connect-integration-app","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitdefender%2FBitdefender-Threat-Connect-integration-app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitdefender%2FBitdefender-Threat-Connect-integration-app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitdefender%2FBitdefender-Threat-Connect-integration-app/releases","manifests_url":"https://repo
s.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitdefender%2FBitdefender-Threat-Connect-integration-app/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bitdefender","download_url":"https://codeload.github.com/bitdefender/Bitdefender-Threat-Connect-integration-app/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitdefender%2FBitdefender-Threat-Connect-integration-app/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29365620,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-12T08:51:36.827Z","status":"ssl_error","status_checked_at":"2026-02-12T08:51:26.849Z","response_time":55,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T09:29:56.731Z","updated_at":"2026-02-12T12:03:51.399Z","avatar_url":"https://github.com/bitdefender.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Introduction\n**Bitdefender Advanced Threat Intelligence** is a  security service that enables security professionals to make more informed decisions by providing real-time threat knowledge that can be easily integrated in their existing technology stack.  
The solution delivers up-to-date, contextual intelligence on URLs, IPs, domains, certificates, files, Command and Control servers and Advanced Persistent Threats to Security Operation Centers (SOCs), Managed Security Service Providers (MSSPs), Managed Detection \u0026 Response (MDR) companies, IT security and investigation consultancies and large enterprises that need to block ingenious threats.\n\nBitdefender offers the following feeds as part of its offering:\n\n - **APT-IPs-feed** - *Feed of IPs associated with Advanced Persistent Threats*  \n - **APT-filehashes-feed** - *Feed of file hashes associated with Advanced Persistent Threats*  \n - **CNC-IPs-feed** - *Feed of IPs associated with command-and-control servers*  \n - **Phishing domains** - *Feed with domain addresses that are known to be associated with phishing attacks*  \n - **Malware domains** - *Feed with domain addresses that are known to be associated with malware*\n\nThis document describes how to integrate the Bitdefender Advanced Threat Intelligence service with the ThreatConnect Platform. Once the integration is successful, the IOCs provided by the Bitdefender Advanced Threat Intelligence service will be visible in the ThreatConnect platform and ready for use.\n\n# App installation\n\n## Requirements\nBefore proceeding with the installation, please ensure the following items are already available:\n\n - Access to a ThreatConnect instance  \n - At least one ThreatConnect API user (See [Creating User Accounts](https://kb.threatconnect.com/customer/en/portal/articles/2188549-creating-user-accounts))  \n - Bitdefender Authentication Token. 
This is provided by Bitdefender and it is used for authentication when connecting to Bitdefender Advanced Threat Intelligence services\n\n## Installation\nThe Bitdefender Advanced Threat Intelligence app for ThreatConnect is available on GitHub at: [GitHub Link](https://github.com/ThreatConnect-Inc/threatconnect-jobs/tree/master/apps/Bitdefender-Advanced%20Threat%20Intelligence). Download the app package (represented by the file with the *tcx* extension) and install it in your instance.\n\n\u003e The steps required to install the app are outlined in the\n\u003e ThreatConnect System Administration Guide (Install an App and Feed\n\u003e Deployer). Additionally, for more information you can contact your\n\u003e ThreatConnect Customer Success Engineer\n\n## Attributes configuration\n\n## ThreatConnect Job Configuration\n\n\u003e **Note:** This step is not required for users who use Feed Deployer as it is automatically performed by the Feed Deployer Wizard\n\nThe ThreatConnect Platform provides the ability for customers to schedule applications as jobs, specifically known as Job apps, that can be run at configured intervals. Bitdefender has developed a Job app for ThreatConnect customers by the name of Bitdefender Threat Intelligence that handles the complete process of downloading and ingesting the threat feed into the ThreatConnect Platform. In order to configure the Bitdefender job, follow the steps mentioned below:\n\n 1. In your ThreatConnect console, navigate to the gear icon on the top menu bar. From the drop-down menu, click on **Org Settings**\n 2. Select the **Apps** tab, then click on the small `+` icon to add a new job\n 3. Enter a **Job** name (e.g. *Bitdefender Daily download*). From the **Run Program** drop-down list select **Bitdefender Threat Intelligence**. 
Press **Next** to proceed to the next configuration screen\n \n \u003e **Note:** If you cannot see **Bitdefender Threat Intelligence** listed as an option, double check the App Installation step above or contact your Customer Success Engineer\n \u003e \n 4. In the next screen configure the Job parameters as follows:\n\t * **Bitdefender API key** : The auth token that was provided by your Bitdefender representative. If you do not have an API key, send an email to oem-sales@bitdefender.com\n\t * **Feed Type** : choose the feeds for which you want data to be downloaded. The feed description can be found in the previous section - ***Introduction***\n\t * **Hash type** : for each file indicator, specify the hash type you want to be added. Currently for each file indicator, MD5, SHA1 and SHA256 are available as hash types. If there is a need to have multiple hashes available for each file indicator, create another job and specify a different hash type\n\t * **Threat Rating** : set the default *Threat Rating* assigned by ThreatConnect Platform to the imported indicators\n\t * **Confidence level** : modify the *Confidence* score assigned to imported indicators\n\t * **Log level** : specify the Job log level. Useful when debugging the job execution\n\t * **ThreatConnect Owner** : select Bitdefender Threat Intelligence as the owner of imported data.\n 5. Press **Next** to move to the next screen where options regarding job schedule can be configured:\n \u003e **Note:** For Confidence level, we recommend leaving a value of 100 due to the low rate of false positives expected from the Bitdefender Threat Intelligence feeds\n\n\u003e **Note**: Bitdefender recommends configuring the job to run on a 1h interval to ensure that the latest data is fed into the ThreatConnect platform\n\n 7. Finally, press **Next** to configure **Notifications** about job execution\n 8. 
Press **Save** to store the job in the ThreatConnect platform\n\nThe newly created job should be listed in the **Jobs** list table. The job will not run until it is marked as active.\n\n\u003e To activate the job, move the slider in the right direction.\n\n\u003e **Note**: Data will start flowing into the ThreatConnect Platform either when the scheduled time is met or when a manual trigger is performed. To trigger the job manually, go to the Job previously defined and click the **Run Job** button located in the *Options* column\n\n## Indicator deprecation configuration\nFrom time to time, Bitdefender retires indicators in its threat feed that it estimates are no longer malicious and no longer pose any significant threat.\n\nThese indicators previously ingested into the ThreatConnect Platform should also be deleted accordingly to avoid false positives. ThreatConnect provides the ability for users to configure an indicator deprecation policy to allow ThreatConnect indicators to drop in confidence rating if their confidence rating is not being maintained and updated. Once the indicator rating reaches a minimum value (i.e. 0%), it can either be set to inactive or deleted. 
\n\nTo configure an indicator deprecation policy depending upon the type of your ThreatConnect instance, please refer to the detailed knowledge-base article from ThreatConnect: [CONFIGURING INDICATOR CONFIDENCE DEPRECATION](https://kb.threatconnect.com/customer/en/portal/articles/2239026-configuring-indicator-confidence-deprecation) (See section Configuring Indicator Confidence Deprecation for an Organization and Configuring Indicator Confidence Deprecation for a Community or Source)  \n\nThe recommended indicator deprecation rule settings for the Bitdefender threat feed are as follows:  \n\n - **Action at Minimum** selected to be **Delete** so that indicators are deleted as soon as they reach minimum confidence  \n - **Percentage** checkbox checked, which means that indicator confidence will be dropped as a percent of its previous value  \n - **Confidence** amount set to 100 so that 100% of an indicator's confidence is dropped\n - **Interval** value set to 1 day, which is the period after which the confidence will be dropped  \n - **Recurring** checkbox also selected so that deprecation is performed on a recurring basis  \n\nIn simple words, the recommended deprecation rule can be stated as, *\"After every day, drop the confidence of each indicator by 100% of its previous value and when any indicator's confidence reaches the minimum value, delete it from ThreatConnect\"*\n\n# Viewing and filtering the data\nTo view the data, click on the **Browse** button located in the top menu of the ThreatConnect console. 
From here, there are two options: either filter by selecting a specific **Indicator** or by searching for a specific **Indicator** name.\n\nThe mapping between Bitdefender feed data and the Indicators and Tags that are added in ThreatConnect is shown in the table below:\n\n| Feed name | Indicator type | Tag |\n|--|--|--|\n| APT File IP | Address | apt-ip |\n| APT File feed | File | apt-file |\n| C\u0026C IP | Address | c2-ip |\n| Phishing Domains | Host | phishing-domains |\n| Malware Domains | Host | malware-domains |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitdefender%2Fbitdefender-threat-connect-integration-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbitdefender%2Fbitdefender-threat-connect-integration-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitdefender%2Fbitdefender-threat-connect-integration-app/lists"}