About ThreatQ Orchestrator
Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions: See the TQO Requirements topic.
ThreatQ TDR Orchestrator includes enhanced automation, analysis and reporting capabilities that accelerate threat detection and response across disparate systems.
Using Configuration-Driven Workflows (CDWs), Smart Collections, and Custom Scoring, ThreatQ prioritizes the threats that are important for remediation. Remediation can be simple automation that quarantines the device, or a more complicated workflow that remediates the threat by shutting down a service, removing malware, restoring the system, submitting an alert, creating a ticket or initiating an investigation.
ThreatQ TDR Orchestrator can involve any number of tools and should provide cross-team visibility for a more complete XDR security solution.
Data-Driven Triggers
Define what type of data to enrich using the ThreatQ Threat Library. Save your Threat Library queries as Data Collections to be used as Data-Driven Triggers in the orchestration workflow.
Configuration-Driven Workflows (CDWs)
CDWs, also known as Data-Driven Playbooks, take your identified triggers, in the form of Data Collections, and enrich your selected threat intelligence data using third-party providers such as Shodan to produce more detailed threat information.
TQO gives you the option to import advanced workflows from predefined YAML files or create your own workflows in the TQO workflow builder.
Capture Enriched Data
The enriched information captured by the CDW is then ingested back into the ThreatQ platform for further analysis and refinement.
PDF User Guides
TQO is a part of the ThreatQ platform and receives its updates with the platform upgrades. The version numbers assigned to the PDF guides below are for document tracking purposes. Use the TQ Platform Version column to select the correct TQO user guide.
| User Guide | TQ Platform Version | Publication Date |
|---|---|---|
| ThreatQ TDR Orchestrator Guide v2.5.0 | >=6.8.0 | 2025-04-30 |
| ThreatQ TDR Orchestrator Guide v2.4.0 | 6.7.0 - 6.7.4 | 2025-01-28 |
| ThreatQ TDR Orchestrator Guide v2.3.0 | 6.3.0 - 6.6.0 | 2024-09-17 |
| ThreatQ TDR Orchestrator Guide v2.2.0 | 5.29.1 - 5.29.4 | 2024-05-16 |
| ThreatQ TDR Orchestrator Guide v2.1.0 | 5.17.0 - 5.29.0 | 2023-07-20 |
| ThreatQ TDR Orchestrator Guide v2.0.0 | 5.16.0 | 2023-06-21 |
| ThreatQ TDR Orchestrator Guide v1.4.0 | 5.15.0 | 2023-04-27 |
| ThreatQ TDR Orchestrator Guide v1.3.0 | 5.14.0 | 2023-04-27 |
| ThreatQ TDR Orchestrator Guide v1.2.0 | 5.12.0 - 5.13.0 | 2023-02-23 |
| ThreatQ TDR Orchestrator Guide v1.1.0 | 5.8.0 - 5.11.0 | 2022-12-01 |
| ThreatQ TDR Orchestrator Guide v1.0.0 | 5.6.0 - 5.7.0 | 2022-10-19 |