Silobreaker Operation
The web format of this guide reflects the most current release. Guides for older iterations are available in PDF format.
Integration Details
ThreatQuotient provides the following details for this integration:
Current Integration Version | 1.0.0 |
Compatible with ThreatQ Versions | >= 4.0.0 |
Support Tier | Not Actively Supported |
Introduction
The Silobreaker Operation for ThreatQ enables a user to query Silobreaker for any reputation context for a given indicator of compromise.
The operation provides the following actions:
- In Focus - queries Silobreaker for the top 'x' related entities for a given entity.
- Heat - queries Silobreaker for the most recent documents pertaining to an entity and its related entities.
The operation is compatible with the following system objects:
- Adversaries
- Identities
- Indicators
  - URL
  - FQDN
  - IP Address
  - CVE
  - MD5
  - SHA-1
  - SHA-256
  - Username
  - ASN
- Malware
- TTPs
- Vulnerabilities
Installation
This integration can be installed in the My Integration section of your ThreatQ instance. See the Adding an Integration topic for more details.
Configuration
ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integration-related credentials.
To configure the integration:
- Navigate to your integrations management page in ThreatQ.
- Select the Operation option from the Type dropdown (optional).
- Click on the integration entry to open its details page.
- Enter the following parameters under the Configuration tab:
Parameter | Description |
---|---|
API Key | Your Silobreaker API Key. |
Shared Key | Your Silobreaker Shared Key. |
Count Per Entity Type | The number of each entity type you'd like returned. The default setting is 10. |
- Review any additional settings, make any changes if needed, and click on Save.
- Click on the toggle switch, located above the Additional Information section, to enable it.
Actions
The operation provides the following actions:
Action | Description | Object Type | Object Subtype |
---|---|---|---|
In Focus | Queries Silobreaker for the top 'x' related entities for a given entity such as a Threat Actor or Malware. | Adversaries, Identities, Indicators, Malware, TTPs, Vulnerabilities | Indicators - URL, FQDN, IP Address, CVE, MD5, SHA-1, SHA-256, Username, ASN |
Heat | Queries Silobreaker for the most recent documents pertaining to an entity and its related entities. | Adversaries, Identities, Indicators, Malware, TTPs, Vulnerabilities | Indicators - URL, FQDN, IP Address, CVE, MD5, SHA-1, SHA-256, Username, ASN |
In Focus
The In Focus action queries Silobreaker for the top 'x' related entities for a given entity such as a Threat Actor or Malware.
Example Result
Heat
The Heat action queries Silobreaker for the most recent documents pertaining to an entity and its related entities.
Action Parameters
Running the Heat action requires you to enter/confirm the following options:
Parameter | Description |
---|---|
Entity Types | Select which entity types you want to query. |
Size | Enter how many of each entity type to return. |
Example Result
Change Log
- Version 1.0.0
- Initial release
PDF Guides
Document | ThreatQ Version |
---|---|
Silobreaker Operation Guide v1.0.0 | 4.0.0 or Greater |