App Components
The ThreatQuotient App for Splunk is composed of two required components:
- ThreatQuotient App for Splunk - uses user-specified matching to identify sightings, updates indicators using app-provided workflow actions, and sends sightings back to the ThreatQ platform in the form of events.
- ThreatQuotient Add-On for Splunk - pulls indicator exports from the ThreatQ platform and submits the data to the KVStore based on user configuration. Optionally, depending on your setup, the data can also be submitted to the Splunk index.
Both components are downloaded and installed via Splunkbase.