About Workflows

Workflows take your identified triggers, in the form of Data Collections, and enrich your selected threat intelligence data using Actions, third-party providers such as Rapid7, to curate further detailed threat information. 

Workflows do not override default statuses assigned to system objects.

Workflows can be triggered by the following:

• Workflow's Run Schedule.
• Manually Running the workflow from the builder page via the Run Now button.
• Performing a Manually Triggered Workflow run from the Threat Library or object details page.  

The TQO workflow builder provides you with a visual representation of how your Threat Library data collection and action are utilized.  The interface allows you to configure how an action is run, including what enriched context the action will ingest, the frequency of runs, and summaries of each run.    

The following is required to build a workflow:

• A TQO License.
• A ThreatQ Data Collection.
• A TQO Action installed on your ThreatQ instance.  TQO Actions can be downloaded from the ThreatQ Marketplace.