Current ThreatQ Version Filter
 

Adding an Integration

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions: 

  • Orchestration - Edit Orchestration Workflow (required for action type integrations only)
  • Integrations - Install & Uninstall Integrations, Edit Integration Configurations

The steps for upgrading an integration are the same as adding a new integration.  You can use the steps below to install CDFs (.yml) and Operations (.whl).   

ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integrated-related credentials.

Steps for installing TQO Actions differ slightly in that you can install using a zip file (actions are the only integration type that can be installed by uploading a zip file) -  see the Installing an Action topic in the ThreatQ Orchestrator guide for more details.  Custom connectors and Apps can not be installed using the method described below (UI install) - see the individual user guide for installation steps.  

  1. Log into https://marketplace.threatq.com.
  2. Locate and download the desired integration file.

    CDF or Operation downloads that are in a zip format indicate that additional dependencies, other than the standard whl or yaml, are required. Extract the files from the zip and refer to the integration's individual guide on how to install them.  

  3. Navigate to My Integrations page on your ThreatQ instance.
  4. Click the Add New Integration button.

    The Add New Integration dialog box opens with the Add New Integration option selected by default.

    Add New Integration
  5. Upload the integration file using one of the following methods:
    • Drag and drop the integration file into the dialog box
    • Select the click to browse link to locate the integration file on your local machine

    For CDFs, you will upload the yaml file only.  For Operations, you will upload the whl file only.  Custom connectors, which are typically in a whl format, cannot be installed using the UI and require installation via CLI.  TQO Actions are the only integrations that support installation using the zip format - see the Installing an Action topic in the ThreatQ Orchestrator guide for more details.  

    If the ThreatQ Marketplace download for a CDF or Operation is in zip format, a separate dependency or custom object is required by the integration and is included in the download.  These additional files cannot be installed via the UI uploader nor can you upload the zip file to install.  See the integration's user guide for steps on how to install these additional files.  

    If the integration already exists on the platform, ThreatQ informs you and requires user confirmation before proceeding. If the new version of the integration contains changes to the user configuration and requires user confirmation before overwriting the existing configuration.

  6. If the integration file contains multiple feeds, you are prompted to select which feeds to install. Select the feeds to include and click Install.
    Select Feeds to Install
  7. When the install is complete, you must configure and enable the integration before it can be used. 

    Actions will automatically be enabled upon install/upgrade.