Components
The following table contains key components, terms, and definitions regarding ThreatQ TDR Orchestrator (TQO).
Component/Term | Definition |
---|---|
Action | Actions are YAML snippets you can use to enrich the data specified by your workflow's data collection. See the About Actions topic for more information about actions. |
Activity Log | TQO provides activity logs for workflows uploaded into TQO as well as those created in TQO. A workflow's activity log provides you with a summary of each manual or scheduled run of the workflow. This includes:
Activity Log - Workflow Built in TQO |
Configuration Driven Workflow (CDW)/Workflow | Configuration Driven Workflows (CDWs), also known as Data-Driven Playbooks, take your identified triggers, in the form of Data Collections, and enrich your selected threat intelligence data using third-party providers, such as Rapid7, to curate more detailed threat information. There are two types of workflows:
|
Data Collection | A data collection is a saved ThreatQ Threat Library query that identifies the information to be enriched by a workflow. |
Nodes | A node is a basic unit of a data structure within TQO, such as a data collection, workflow, or action, displayed in the Node View. You can click on a node to view and/or update its configuration details. |
Node View | A workflow's Node View provides you with a visual representation of its basic components: the data collection, the workflow, and its action(s). You can access the Node View by clicking a workflow created in TQO on the Orchestrator page. These workflows have a type listed as Workflow Builder. From the Node View, you can click the various workflow nodes, such as data collection, workflow, or action nodes, and view or update each node's settings. |