OAuth Credentials

The threatq:oauth2-client artisan command allows you to register a new OAuth2 client, list existing clients by group, and update an existing client's secret.

OAuth Registration Command

You can register a new private OAuth2 client for use by custom integrations. The Client ID and Secret that the command generates can be used by custom integrations to interact with the API but cannot be used to log into the user interface.

  1. SSH to your ThreatQ installation.
  2. Create a new client id and client secret password using the following command:
    kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:oauth2-client --name="Custom Integration"

    You should see output for the new custom integration user:

    session_timeout_minutes: 1440
    name: Custom Integration
    type: private
    client_id: ntdjzwe3mduyyjqxyjdiyza5mzyxmtkx
    client_secret: YThlOTBlZjM0YTYxNWM1YjVkODdmMTdjNGY5MzZkYTg4M2RmYmRiZGJmNjk1OTRm
    updated_at: 2020-01-14 14:03:27
    created_at: 2020-01-14 14:03:27

  1. SSH to your ThreatQ installation.
  2. Navigate to the api directory using the following command:
    cd /var/www/api

  3. Create a new client id and client secret password using the following command:
    php artisan threatq:oauth2-client --name="Custom Integration"

    You should see output for the new custom integration user:

    session_timeout_minutes: 1440
    name: Custom Integration
    type: private
    client_id: ntdjzwe3mduyyjqxyjdiyza5mzyxmtkx
    client_secret: YThlOTBlZjM0YTYxNWM1YjVkODdmMTdjNGY5MzZkYTg4M2RmYmRiZGJmNjk1OTRm
    updated_at: 2020-01-14 14:03:27
    created_at: 2020-01-14 14:03:27
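
One way to capture the credentials from either form of the command so the secret does not live only in terminal scrollback, as an added example that is not part of the ThreatQ documentation: it parses the key: value output shown above and writes the Client ID and Secret to an owner-only file. The function names, the THREATQ_CLIENT_ID and THREATQ_CLIENT_SECRET variable names, and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: parse the "key: value" output of threatq:oauth2-client and
# keep the credentials in a file that only the owner can read.

# Print the value of field $1 from command output on stdin. Strips leading
# indentation and the carriage returns a --tty session adds to each line.
oauth_field() {
    awk -v key="$1" '
        { line = $0; gsub(/\r/, "", line); sub(/^[ \t]+/, "", line) }
        index(line, key ": ") == 1 { print substr(line, length(key) + 3); exit }'
}

# Read command output on stdin and write the credentials to file $1 (mode 0600).
# Fails when a field is missing or the client is not of type private.
save_oauth_client() {
    dest=$1
    out=$(cat)
    id=$(printf '%s\n' "$out" | oauth_field client_id)
    secret=$(printf '%s\n' "$out" | oauth_field client_secret)
    ctype=$(printf '%s\n' "$out" | oauth_field type)
    if [ -z "$id" ] || [ -z "$secret" ]; then
        echo "client_id or client_secret missing from output" >&2
        return 1
    fi
    if [ "$ctype" != private ]; then
        echo "expected a private client, got '$ctype'" >&2
        return 1
    fi
    # umask in a subshell so a new file is never created with wider permissions.
    ( umask 077 && printf 'THREATQ_CLIENT_ID=%s\nTHREATQ_CLIENT_SECRET=%s\n' \
        "$id" "$secret" > "$dest" ) || return 1
    chmod 600 "$dest"   # also tightens a file that already existed
}

# Constructed sample in the format shown above (placeholder values), with the
# CRLF line endings of a TTY session.
SAMPLE_OUTPUT=$(printf '%s\r\n' 'session_timeout_minutes: 1440' \
    'name: Custom Integration' 'type: private' \
    'client_id: example-client-id' 'client_secret: example-client-secret')

# Usage on the sample:
#   printf '%s\n' "$SAMPLE_OUTPUT" | save_oauth_client ./threatq-client.env
```

On a real installation, pipe the output of the registration command into save_oauth_client in place of the sample.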

Flag Options

There are flag options for type and user-groups.

Type

The default type is private. The ThreatQ UI uses a front-end (UI) specific Client ID to request access tokens. Further authentication must be sent by the client that is trying to access the API.

There are two options for the type flag:

  • private - Private Client ID/Secret
  • public - Client ID without the secret

Flag example:

--type private

User-Groups

All clients, users, and connectors are associated with groups.

There are three options for the user-groups:

  • admin - can access everything
  • analyst - can access most threat intel

    Some configuration endpoints are not accessible to analysts.

  • observer - read-only access

Flag example:

--user_group admin

Generating a List of Clients

The list option allows you to generate a list of clients by group.  By default, this command lists analyst group clients but you can add the user_group option to create a list of clients assigned to another group.

  1. SSH to your ThreatQ installation.
  2. Generate a list of clients in the analyst group using the following command:
    kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:oauth2-client --list

    Or, generate a list of clients in another group:

    kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:oauth2-client --user_group "<name of group>" --list

    If you enter a group name that does not exist, you are prompted to choose from a list of existing groups.

  1. SSH to your ThreatQ installation.
  2. Navigate to the api directory using the following command:
    cd /var/www/api

  3. Generate a list of clients in the analyst group using the following command:
    php artisan threatq:oauth2-client --list

    Or, generate a list of clients in another group:

    php artisan threatq:oauth2-client --user_group "<name of group>" --list

    If you enter a group name that does not exist, you are prompted to choose from a list of existing groups.

Changing the Client Secret for a Credential

  1. SSH to your ThreatQ installation.
  2. Update the client secret for existing credentials using the following command:
    kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:oauth2-client --name="<name of client>" --update-client-secret

    If you enter a client name that does not exist, the system returns the following exception:
    Client "<client name>" does not exist.

  1. SSH to your ThreatQ installation.
  2. Navigate to the api directory using the following command:
    cd /var/www/api

  3. Update the client secret for existing credentials using the following command:
    php artisan threatq:oauth2-client --name="<name of client>" --update-client-secret

    If you enter a client name that does not exist, the system returns the following exception:
    Client "<client name>" does not exist.