Current ThreatQ Version Filter
 

About My Integrations

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions: 

  • Orchestration - Edit Orchestration Workflow (required for action type integrations only)
  • Integrations - Install & Uninstall Integrations, Edit Integration Configurations

The My Integrations tab within the Integrations page allows you to add, remove, and configure feeds, actions, custom connectors, and operations that you have downloaded from the ThreatQ Marketplace or are seeded in ThreatQ.

My Integrations Page

The My Integrations page allows you to add, remove, and configure feeds, actions, custom connectors, and operations that you have downloaded from the ThreatQ Marketplace or are seeded in ThreatQ.

ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integrated-related credentials.

Relationship Limits

When ThreatQ ingests over 10,000 relationships for an object from the integration, the integration’s card displays a relationship limit badge  and is listed in the Flagged tab. When you resolve the relationship issue, the relationship limit badge is removed and the integration card is no longer listed in the Flagged tab.

Accessing My Integrations

  1. Navigate to your ThreatQ instance.
  2. Click the Integrations option in the main navigation and select one of the following options:
    Integrations Menu
    Menu Option Details
    Marketplace Opens the ThreatQ Marketplace in a new tab.
    My Integrations Opens the My Integrations tab within the Integrations page.
    Actions Opens the My Integrations tab filtered to only display actions.
    Intelligence Feeds & Connectors Opens the My Integrations tab filtered to only display feeds and connectors.
    Operations Opens the My Integrations tab filtered to only display operations.

    The Integrations page loads and defaults to the My Integrations tab and All subtab which lists all integrations currently installed on your platform, both enabled and disabled.

    My Integrations Page

 
  1. Navigate to your ThreatQ instance.
  2. Click the Integrations option in the main navigation and select one of the following options:
    Integrations Menu
    Menu Option Details
    Marketplace Opens the ThreatQ Marketplace in a new tab.
    My Integrations Opens the My Integrations page.
    Actions Opens the My Integrations page filtered to only display actions.
    Intelligence Feeds & Connectors Opens the My Integrations page filtered to only display feeds and connectors.
    Operations Opens the My Integrations page filtered to only display operations.

    The My Integrations page loads and defaults to the All tab which lists all integrations currently installed on your platform, both enabled and disabled.

Filtering Your View

There are several filters available that allow you to narrow down your integrations.  The platform will remember your filter selections for the duration of your session.  These filters include:

Filter Details
Keyword Filter the integrations list by keyword.
Type Filter the integrations list by integration type.  Options include:
  • Actions
  • Intelligence Feeds and Connectors
  • Operations
  • All
Category

Filter the list by the category of integration:

  • OSINT - OSINT feeds are open source threat intelligence feeds. Open source feeds are free to use, but some may require you to register with the feed provider to attain an API Key.
  • Commercial -  Commercial feeds are provided by paid feed providers as a service. To enable these feeds in ThreatQ, you will need an API ID or API Key from the provider. Commercial feeds typically provide highly contextual threat intelligence data. You can learn more about these feeds on their vendor's websites.
  • STIX TAXII - STIX stands for Standard Threat Information Expression, it is an emerging standard for the sharing of machine readable intelligence and incident data. A STIX package is an XML document that can contain many indicators and related context information. For the automated sharing of STIX packages, a protocol called TAXII (Trusted Automated eXchange of Indicator Information) is used to provide a feed to consumers. 
  • Labs - Labs are driven by ThreatQuotient’s Threat Intelligence Services Team. Labs feeds provide a solution for data ingestion that is not provided by the feeds pre-configured with the ThreatQ platform. You should inquire with a Threat Intelligence Engineer to see what Labs are available.
Status
(All/Enabled/Disabled tabs)		 Filter the list of installed integrations by status: enabled, disabled, or flagged. A count of integrations appears next to each tab and reflects any filter that is selected.

The Flagged tab lists integrations from which the ThreatQ instance has ingested over 10,000 relationships for an object. ThreatQ will not ingest additional relational data for the object from this feed until the relationship limit issue has been resolved.

The All tab, which displays both enabled and disabled integrations, is selected by default.
Clear Search Filters Clears the search filters that are currently in use.
Filter Details
Keyword Filter the integrations list by keyword.
Type Filter the integrations list by integration type.  Options include:
  • Actions
  • Intelligence Feeds and Connectors
  • Operations
  • All
Category

Filter the list by the category of integration:

  • OSINT - OSINT feeds are open source threat intelligence feeds. Open source feeds are free to use, but some may require you to register with the feed provider to attain an API Key.
  • Commercial -  Commercial feeds are provided by paid feed providers as a service. To enable these feeds in ThreatQ, you will need an API ID or API Key from the provider. Commercial feeds typically provide highly contextual threat intelligence data. You can learn more about these feeds on their vendor's websites.
  • STIX TAXII - STIX stands for Standard Threat Information Expression, it is an emerging standard for the sharing of machine readable intelligence and incident data. A STIX package is an XML document that can contain many indicators and related context information. For the automated sharing of STIX packages, a protocol called TAXII (Trusted Automated eXchange of Indicator Information) is used to provide a feed to consumers. 
  • Labs - Labs are driven by ThreatQuotient’s Threat Intelligence Services Team. Labs feeds provide a solution for data ingestion that is not provided by the feeds pre-configured with the ThreatQ platform. You should inquire with a Threat Intelligence Engineer to see what Labs are available.
Status
(All/Enabled/Disabled tabs)		 Filter the list of installed integrations by status: enabled or disabled.  A count of integrations appears next to each tab and reflects any filter that is selected.

The All tab, which displays both enabled and disabled integrations, is selected by default.
Clear Search Filters Clears the search filters that are currently in use.