Configuring an Integration
Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions:
- Orchestration - Edit Orchestration Workflow (required for action type integrations only)
- Integrations - Edit Integration Configurations
The integration must already be installed in order to access its configuration. See the Adding an Integration topic for more details.
Configuration parameters will differ based on individual integrations. See the individual integration's user guide for configuration and other requirements. Additionally, certain configuration options in the ThreatQ UI will be available for certain types of integrations. Example: The Run Frequency option will only be accessible for CDFs.
Relationship Limits
When ThreatQ ingests over 10,000 relationships for an object from the integration, integration’s configuration page displays an Integration Flagged banner as well as a relationship limit badge 
above the integration logo.
From the My Integrations page:
- Locate and click the integration to load its details page.
The integration details page displays and lists the following:
- Integration Information - details such as the author, required ThreatQ version and targeted object types.
- Configuration Tab - Integration-specific configuration parameters for the integration.
- Activity Log tab - Display run information such as time stamps, data ingested, and any error messages. The Activity Log on this page only applies to CDFs.
- Enter the required configuration parameters for your integration in the Configuration Tab. These configuration parameters will differ based on the integration. See the individual integration's user guide for more information.
Any configurations set on this form for an Action will be applied by default when adding a new instance of the action to an orchestration workflow. If you edited an action's configuration fields in a specific workflow's view, those settings will be honored instead for that specific workflow.
- Select a Run Frequency for the integration (CDFs only).
Periodic Options
Selection Description Hourly Run the integration every hour. Every 6 Hours Run the integration every six hours. Every 24 Hours Run the integration every day. Every 2 Days Run the integration every two days. Every 14 Days Run the integration every two weeks. Every 30 Days Run the integration every month. Schedule Options
Selection Description Daily Allows you to run the integration at a specific time every day. Weekly Allows you to run the integration at a specific time, on a specific day, every week. - Select a default Status if the integration ingests indicator or signature types.
This configuration option will only be available if the integration ingests indicator or signature types.
- Enable or disable Feed Health Notifications (CDFs only) for the integration. Feed Health Notifications allow the ThreatQ application to send you, and other designated users, email and in-app notifications when a feed encounters an issue.
The in-app notifications appear in Notification Center for users with an administrator or maintenance account. These notifications include a link that redirects you to the Activity Log tab on the configuration page for the integration.
The emails contain useful information such as connection information, data ingested, and an ingestion summary.
See the Notifications topic for more information.
- Enable or disable the Debug option (for CDFs only) - The Debug Option checkbox gives you the option to save raw data response files for troubleshooting purposes. Since this option uses a large amount of disk space, it defaults to unchecked. We recommend temporarily enabling the option when you are troubleshooting a feed issue.
- Click Save.
- Click the Enable/Disable toggle switch to enable the integration.
If the integration is a CDF, a run will be started automatically after the integration is enabled.