The purpose of this document is to provide you with initial information on how to get started with the ThreatConnect PartnerStage Environment. If you do not already have access to the PartnerStage Environment, please contact the Technology Partners team for access.
This document contains knowledge that may be useful to others using your organization’s PartnerStage access. Please share a link to this document with each person that receives access to the PartnerStage environment.
The ThreatConnect PartnerStage Environment is a shared platform provided to Developer Partners in order to facilitate development of integrations with the ThreatConnect Platform.
By default, your organization’s account is set to expire 60 days after creation unless you have already provided us with a completed Solution Design for an integration or have an integration in place with ThreatConnect today. Once a design for at least one integration has been approved, this limitation may be lifted.
With the exception of the organization administrator’s account (first person created), the remainder of the accounts within the PartnerStage environment for an organization should be managed by the organization’s administrator. This includes creating API accounts and additional users.
If a password reset is required for an account, use the Forgot Password link from the login screen. If this does not work, please contact the Technology Partners team for assistance.
First-Time Login Process
This section describes the login process for your PartnerStage accounts depending on your account’s role. You will need your initial password:
For the organization administrator, your password will be communicated to you by the Technology Partners team in your PartnerStage setup email.
For normal users, you will receive a welcome email with your initial password.
With that login information available, your login process should flow in this way:
Upon reaching the PartnerStage environment, you should see the login screen similar to the one below:
Enter your email address and the initial password you were provided for your account and select Sign In.
You may be prompted to accept the TOS for this environment. If you agree with the terms for your organization, select Accept to continue.
You will be prompted to reset your password. Enter a new password for your account in both fields and select Sign In.
You will be prompted with the Profile Settings page. Follow these steps:
Enter a pseudonym for your own account. This can be any value that is not already in use.
(For organization administrators only) Enter a pseudonym for your organization. This can be any value that is not already in use.
Select your job function and organizational role. If you select Other, you must enter a description into the field.
You will be presented with the Dashboard screen and your setup is complete.
Creating New Users
Organization Administrators are responsible for creating all new user accounts within their own organization. To create a new user account, follow the steps below:
From the Dashboard screen, select the cog wheel at the top-right of the screen and select Org Settings:
You will be prompted with the Organization Settings screen. Select the button on the left-hand side of the screen for the type of user you would like to create:
Create API User - Use this button to create a set of API credentials for use with the REST API or ThreatConnect development frameworks.
Create TAXII User - Use this button to create a new user within the built-in TAXII server.
Create User - Use this button to create another normal user account within your organization.
You will be prompted with the User Administration screen. Enter the appropriate details for each user including a valid email address. Select Save to create the account. For regular user accounts, the user will receive a welcome message that contains login instructions.
Getting Started with Indicators
It may be necessary for your efforts with the PartnerStage environment to use existing Indicators within the ThreatConnect platform. Your account comes pre-configured with a set of Indicators from OSINT sources. You can browse these indicators by selecting Browse > Indicators from the menu at the top of the screen.
By default, the Browse screen will show all indicator types available. You can filter this screen by selecting the Indicator types from the left-hand side:
To clear the types of indicators currently shown, select the Indicators heading. Then select the Indicator type(s) you wish to display.
Please see these API documents for parameters available for Groups or Indicators.
Your account has been configured in such a way that you should contribute Indicators into a separate Source than your login Organization. This is more realistic to how you would contribute Indicators into the Platform via an integration. Your Source is configured as <Company Name> Source. For example, if your company is named SecuLast, your login Organization is SecuLast and your Source will be named SecuLast Source.
When contributing Indicators via the API, be certain you specify the name of your Source.
By default, you can only contribute 100 Indicators into your Organization and a limited number (50000 Indicators for non-feeds, 500000 indicators for feeds) into your Source. If you need this limit increased, please contact your ThreatConnect Solutions Engineer.
Getting Started with Playbooks
The ThreatConnect Platform offers simple drag-and-drop automation using Playbooks. To access the Playbooks listing, select the Playbooks item from the menu at the top of the screen. From this screen, you can create new Playbooks and import existing Playbooks.
It is recommended that you review the following resources to get started with Playbooks:
These playbooks can be downloaded and then imported into your PartnerStage environment to allow you to review them. Many of these require third-party credentials to be fully functional and therefore can serve as references only.
Getting Started with App Builder
The ThreatConnect Platform offers the App Builder as a tool to help build Playbook Apps that require Python logic. To access App Builder, select the Playbooks > Apps item from the menu at the top of the screen. From this screen, you can create new Apps and import existing App projects.
It is recommended that you review the following resources to get started with App Builder:
By default, you may not be able to build or release Playbook Apps until you have completed appropriate training on your integration.
App Builder offers the ability to perform a Live Debug of your app. You must ensure that you toggle Live Debug off once you have completed your debugging session to avoid resource issues on the PartnerStage Environment.
For documentation related to development for the ThreatConnect platform, please see the ThreatConnect Developer Documentation located at the link below:
Please note the following things with this documentation:
To use the REST API example provided in the documentation with the PartnerStage environment, you must ensure that your API_PATH includes /api/. Otherwise, you may receive an error indicating that your signature was unexpected. For example:
The Python SDK documentation remains available but this implementation is considered deprecated as of 5/2019. Please see the ThreatConnect App Framework (tcex) instead.
Apps built to run in-platform on ThreatConnect use the ThreatConnect App Framework (tcex).
See this page with examples of implementing the TcEx framework using Python.
The following important notes apply to integrations with the ThreatConnect PartnerStage and possibly other instances as noted:
When implementing the Playbooks ‘Send Email’ App on PartnerStage, you must add the advanced setting ‘email_transport’ with a value of ‘SMTPS’. This is required for any instance using Amazon SES for email transport.