Current ThreatQ Version Filter
 

Custom Objects

Custom objects are threat intelligence object types that are not seeded with the ThreatQ platform.

Several ThreatQ integrations require the use of custom objects in their functions. In those circumstances, the custom object files will be bundled with the integration on the ThreatQ Marketplace. These object types must be installed via the command line. To reduce installation effort and time, ThreatQuotient provides an installation script to automate the install actions.

Contact ThreatQ Support if you require a custom object outside of the ones bundled with integrations.

A typical download bundle would include:

  • integration file - typically a yaml for CDFs and .whl for operations and custom connectors.
  • custom object definition - json file for the custom object.
  • installation script - a script that, when executed, will automatically install the custom object.
  • images folder with svgs - an image file used to represent the custom object in the ThreatQ UI. These images are housed in the in a directory named images.

Installing a Custom Object

Use the following steps to install a custom object in ThreatQ v6:   

  1. Download the integration bundle from the ThreatQ Marketplace.
  2. Unzip the bundle and locate the custom object files.

    The custom object files will typically consist of a JSON definition file, install.sh script, and a images folder containing the svg icons.

  3. SSH into your ThreatQ instance.
  4. Navigate to the tmp folder:
    cd /var/lib/threatq/misc/

  5. Upload the custom object files, including the images folder.

    The directory structure should be as the following:

    • misc
      • install.sh
      • <custom_object_name>.json
      • images (directory)
        • <custom_object_name>.svg
  6. Run the following command:
    kubectl exec -it deployment/api-schedule-run -n threatq -- sh /var/lib/threatq/misc/install.sh /var/lib/threatq/misc

    The installation script will automatically put the application into maintenance mode, move the files to their required directories, install the custom object, update permissions, bring the application out of maintenance mode, and restart dynamo.

  7. Delete the install.sh, definition json file, and images directory from the misc directory after the object has been installed as these files are no longer needed.

Use the steps provided to install an integration-related custom object in ThreatQ v5. 

  1. Download the integration bundle from the ThreatQ Marketplace.
  2. Unzip the bundle and locate the custom object files.  

    The custom object files will typically consist of a JSON definition file, install.sh script, and a images folder containing the svg icons.  

  3. SSH into your ThreatQ instance.
  4. Navigate to the tmp folder:
    cd /tmp/

  5. Create a new directory for the custom object files:
    mkdir <integration_name>

  6. Upload the custom object files, including the images folder, to the new directory.
  7. Navigate to the integration name directory if you have not done so already.

    The directory structure should be as the following:

    • tmp
      • <integration_name>
        • install.sh
        • <custom_object_name>.json
        • images (directory)
          • <custom_object_name>.svg
  8. Run the following command to ensure you have the proper permissions to install the custom object:
    chmod +x install.sh

  9. Run the install script:
    sudo ./install.sh

    You must be in the directory that houses the install.sh and json file when running this command.
    The installation script will automatically put the application into maintenance mode, move the files to their required directories, install the custom object, update permissions, bring the application out of maintenance mode, and restart dynamo.
  10. Remove the temporary directory, after the custom object has been installed, as the files are no longer needed:
    rm -rf <integration_name>