OpenDXL Data Transport Components
The following table contains key components, terms, and definitions regarding the ThreatQ Data Exchange OpenDXL Data Transport.
Component/Term | Definition |
---|---|
Activity Log | The Activity Log, located on the bottom-right of the Topology View, provides an audit trail for TQX activity such as when a new node has been added to your connection and when you submitted or received information from a Data Feed. |
Client | The term Client is used to refer to other platform instances when creating a Connection Bundle. |
Client Discovery Pane | The Client Discovery pane is accessible by clicking on the transport node in your Topology View. Users can view the instances they are connected with and which data feeds they are submitting to those instances. |
Connection Bundle | The connection bundle is a zip file containing connection information for the Data Transport. A connection bundle is created by a Publisher when creating a new connection, such as adding a new Subscriber. The connection bundle zip must be uploaded by the Subscriber when connecting to a Publisher. |
Credential Management | The Credential Management pane is accessible after clicking on the transport node in the Topology View and is only accessible by Publishers. Publishers can use this pane to create new connection bundles, download existing connection bundles, and delete connection bundles. |
Data Collection | A data collection is a saved ThreatQ Threat Library query that can be used to create a Data Feed. |
Data Feeds | Data Feeds transmit selected Data Collections to user-selected instances (Publishers, Subscribers). You can select which data collection to use, whether or not to include associated attributes, and also rename the source for the feed so that the receiver can easily identify system objects ingested from the data feed. See the Data Feeds section for more details. By default, a data feed includes the object types associated with its data collection with the exception of tasks and files. In addition, you can use the checkboxes in the Supported Context and Relational Data sections to include additional information. |
Data Transport | The Data Transport is how data is shared between TQX nodes, using OpenDXL. |
Incoming Feeds Pane | The Incoming Feeds pane is accessible from the right menu pane after clicking a Subscriber or Publisher node in your Topology View. You can see the names of the feeds offered to you, subscribe to or unsubscribe from a feed, and view feed details such as the instance that sent it, the publish rate, and the last received time stamp. |
Nodes | A node is a basic unit of a data structure within the OpenDXL data transport, such as an instance (Publisher/Subscriber) or data transport, that can be viewed on the Topology view. You can click on a node to view specific information. |
Outgoing Feeds Pane | The Outgoing Feeds pane is accessible from the right menu pane after clicking a Subscriber or Publisher node in your Topology View. You can see the names of the feeds you provide to other instances, the number of feed recipients, the publish rate, and the last published time stamp. You also have an option to create a new feed from this pane. |
Publisher | A ThreatQ instance with a TQX broker license, which allows a user to create a connection bundle. At least one Publisher instance is required in order to create a connection. In TQX, Publisher nodes have a star badge icon in the Topology View. |
Subscriber | A ThreatQ instance on version 4.49+ that does not have a TQX broker license. A Subscriber can subscribe to Data Feeds from a Publisher and offer Data Feeds to the Publisher for subscription. However, a Subscriber can neither see nor offer Data Feeds to other Subscribers connected to the Publisher. |
Topology View | The Topology View provides you with a visual representation of your TQX connections. You can access the view by clicking on the Data Exchange menu and selecting Connections. From this view, you can click on various nodes to view specific information. Publishers can create/offer Data Feeds and create new connection bundles from this view as well. |