ThreatQ
App Vendor: ThreatQuotient
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.1.0
API Version: 1.0.0
About App
ThreatQ serves as an open and extensible threat intelligence platform that allows you to automate the intelligence lifecycle, quickly understand threats, make better decisions and accelerate detection and response.
The ThreatQ app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
List indicators | This action retrieves the list of all indicators from ThreatQ. |
Query indicators | This action queries a single indicator from ThreatQ. |
Create indicator | This action creates an indicator on ThreatQ. |
List adversary | This action retrieves the list of all adversaries from ThreatQ. |
Query adversary | This action queries a single adversary from ThreatQ. |
Create adversary | This action creates an adversary on ThreatQ. |
List event | This action retrieves the list of all events from ThreatQ. |
Query event | This action queries a single event from ThreatQ. |
Create event | This action creates an event on ThreatQ. |
Generic Action | This is a generic action used to make requests to any ThreatQ endpoint. |
Configuration Parameters
The following configuration parameters are required for the ThreatQ app to communicate with the ThreatQ enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL to access ThreatQ. Example: "https://www.thisismythreatqhost.com" | Text | Required | |
Email ID | Enter the email ID to authenticate with. | Text | Required | |
Password | Enter the password to authenticate with. | Text | Required | |
Client ID | Enter the client ID to pass with the requests. | Text | Required | |
Verify | Choose whether to verify the SSL certificate. | Boolean | Optional | |
Action: List indicators
This action retrieves the list of all indicators from ThreatQ.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Limit | Enter the response limit of the indicators. | Integer | Optional | |
Action: Query indicators
This action queries a single indicator from ThreatQ.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Indicator | Enter the indicator to query for. | Text | Required | |
With | Specify any additional fields to include, as a comma-separated string. Example: "sources, score" | Text | Optional | |
Action: Create indicator
This action creates an indicator on ThreatQ.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Indicator value | Enter the indicator value to create. | Text | Required | |
Indicator type | Enter the type of the indicator. | Text | Required | |
Indicator source list | Enter the indicator sources as a list. Example: [{"name": "malware traffic analysis"}] | List | Required | |
Indicator status | Enter the status of the indicator. | Text | Required | |
Action: List adversary
This action retrieves the list of all adversaries from ThreatQ.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Limit | Enter the response limit of the adversaries. | Integer | Optional | |
Action: Query adversary
This action queries a single adversary from ThreatQ.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Adversary | Enter the adversary to query for. | Text | Required | |
With | Specify any additional fields to include, as a comma-separated string. Example: "sources, score" | Text | Optional | |
Action: Create adversary
This action creates an adversary on ThreatQ.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Adversary name | Enter the adversary name to create. | Text | Required | |
Adversary sources | Enter the sources list for this adversary. Example: [{"name": "riskiq"}] | List | Required | |
Action: List event
This action retrieves the list of all events from ThreatQ.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Limit | Enter the response limit of the events. | Integer | Optional | |
Action: Query event
This action queries a single event from ThreatQ.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Event | Enter the event to query for. | Text | Required | |
With | Specify any additional fields to include, as a comma-separated string. Example: "sources, score" | Text | Optional | |
Action: Create event
This action creates an event on ThreatQ.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Event title | Enter the event title to create. | Text | Required | |
Event type | Enter the event type to create. | Text | Required | |
Event sources | Enter the sources list for this event. Example: [{"name": "firewall"}] | List | Required | |
Event happened at | Enter the event happened-at data. | Text | Required | |
Action: Generic Action
This is a generic action used to make requests to any ThreatQ endpoint.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. | Text | Required | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_data, files |