This document is intended to provide solution providers with an understanding of how to become a Developer Partner by developing an approved integration for the ThreatConnect Platform. This document is geared towards both a business and technical audience with specific items called out for each focus.
In order to begin this process, you’ll need to define two key resources:
Primary Business Contact - Responsible for coordinating business-related conversations and meeting the business needs for integrations.
This person should have a firm understanding of your product’s value proposition and how you interact with SOAR Platforms.
This person should be familiar with the process of handling legal documents within your business.
This person should be familiar with the key resources within your marketing and product teams and able to involve them as appropriate for our activities.
Primary Technical Contact - Responsible for coordinating technical conversations and meeting technical objectives for integrations.
This person should have a firm understanding of your product’s value proposition and how you interact with SOAR Platforms.
For integrations that may live in the ThreatConnect Platform, this person should have experience with Python 3 and working with common frameworks is required.
This person should be familiar with your product’s APIs, should have access to an API specifically for testing, and should be able to grant new access to the API for our testing.
The ability to provide ongoing support for your integration directly with your customers that make use of it.
We provide our customers with support for our Platform but ask you to support your specific integration.
We support you with any issues that you may find in your integration that requires assistance from us.
Complete this form and select Technology or Integration Partner as the type to submit your initial information to us.
We will send you our MNDA document for you to sign in preparation for discussions with us on your integration scenario.
Review our Videos - Platform Introduction. This video provides a general overview of the ThreatConnect Platform. Regardless of your proposed use case, it’s important for you to develop an understanding of how the ThreatConnect Platform is used to ensure that your contribution is valuable.
Visit Integrations - Typesand select an integration type that best meets your use case.
Grab the latest Solution Brief template here. Complete all of the required information within the Solution Brief based on the type of integration you’ve selected. After your Solution Brief is completed, submit it to us for review:
Visit our approvals form where you should create an account for our ticket system.
After creating an account, complete the approval form:
Select the Approval Type of “Solution Brief Approval”
Provide a summary of your submission that includes your company and integration type. For example:
ThreatSolutions External REST Integration
SecuLast On-Demand Enrichment
Attach your completed document to the form in the “Attachment” section.
Send the document for review.
Please allow up to 3 business days for someone from the Technology Partners team to review your submission and reply to you with feedback.
Please allow up to 3 business days for someone from the Technology Partners team to review your submission and reply to you with feedback.
We’ll reach out to you to schedule a technical call with a ThreatConnect Solutions Engineer to discuss your proposal further. We can provide guidance on how to further extend your integration scenario and ensure that it aligns properly with one of our Integrations - Types.
This is an opportunity for your technical resources to join the call and discuss any development-related questions with us. |
We provide access to the ThreatConnect PartnerStage to provide you with a place to get hands-on familiarity with our Platform as well as develop and test your solution. We will discuss granting access to this environment as part of our technical call. The initial person to gain this access will become the Organization Administrator and can add others and create API credentials.
See our Getting Started - PartnerStage guide for helpful information about this environment. |
Based on the guidance from your technical call, you will be expected to extend your Solution Brief document into a complete Solution Design document. Specific guidance for what should be provided is in the Solution Design template as well as on the specific Integration Description page for your selected integration type.
See our examples included in the Solution Design section for an idea of a finished product. |
After your Solution Design is completed, submit it to us for review:
Visit our approvals form:
Select the Approval Type of “Solution Design Approval”
Provide a summary of your submission that includes your company and integration type. For example:
ThreatSolutions External REST Integration
SecuLast On-Demand Enrichment
Attach your completed document to the form in the “Attachment” section.
Send the document for review.
Please allow up to 3 business days for someone from the Technology Partners team to review your submission and reply to you with feedback.
Please allow up to 3 business days for someone from the Technology Partners team to review your submission and reply to you with feedback.
We will provide you with a Technology Partners Agreement that must be signed in order for us to complete vetting on your integration.
Once this agreement is signed, we can optionally work with you on a Press Release to announce your participation in this program. |
Based on the approved Solution Design, you should begin work on your integration according to the information within the appropriate Integration Description that has been selected. During this time, you are expected to:
Complete your deliverable code based on the description in your design.
Perform unit testing against your code within your development environment.
For Integrations - Threat Intelligence Feed Description:
Work with the ThreatConnect Solutions Engineer to install your deliverable into the Platform.
For all in-platform integration types:
You perform in-platform testing against your solution to ensure that it works properly.
For all external integration types:
You perform testing within your own platform against your solution to ensure that it works properly.
You develop your User Documentation in accordance with our guidelines.
During this time, your ThreatConnect Solutions Engineer is available to provide technical assistance with any questions you may have. |
After your assets are completed and ready for our review, they should be submitted as an approval:
Visit our approvals form:
Select the Approval Type of “Solution Vetting”
Provide a summary of your submission that includes your company and integration type. For example:
ThreatSolutions External REST Integration
SecuLast On-Demand Enrichment
Attach your complete assets:
Deliverable packages based on Integration Type (in-platform integrations):
Threat Intelligence Feed - TCX File created using tcpackage.
Playbooks App - ABX File exported from AppBuilder.
Playbook Template - PBX File export from Playbook Designer.
User Documentation
Submit your assets for review.
We will reach out to you to request access to your Platform in order to complete our testing.
Regardless of your integration type, we must have access to test all features of your integration in order to complete vetting.
We will complete the vetting process against your integration as described here.
We will provide any feedback on changes necessary and work together with you to complete the value in your integration.
We cannot complete the vetting process for your integration until after a Technology Partners Agreement is in place. |
Once your integration has been approved from the vetting process, we will work with you to publish it appropriately. Some examples of typical ways it is published:
For in-platform integrations, packages and documentation are published on the ThreatConnect GitHub (Playbook-related items here, Threat Intelligence Feed-related items here).
Partners are asked to take the lead on all collateral (data sheets, press releases, etc.) with ThreatConnect available to assist with any content creation.
Integrations are listed on our website here.
Technology Partners are listed on our website here.
Our teams can work together to identify appropriate opportunities for publishing.