Triggering a Manual Run
Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions:
- Orchestration - Edit Orchestration Workflow (required for action type integrations only)
- Integrations - Edit Integration Configurations
- Custom role permissions control access to the pages that allow you to execute manual runs of integrations. However, custom roll permissions do not apply to the objects and object context created/ingested.
The steps provided below are for performing manual runs for a CDF. See the Managing Workflows section of the ThreatQ Orchestrator TDR guide for steps on performing manual runs for CDWs.
Not every CDF integration allows you to perform a manual run. If your CDF does not support manual runs, the Run Integration option will not load on the integration's details page.
From the My Integrations page:
- Locate and click the integration to load its details page.
To locate an integration, you can filter the list by keyword, integration category, and/or status (enabled or disabled).
- Confirm that the integration is enabled.
- Click the Run Integration button located beneath Enable/Disable toggle switch.
If the Run Integration button is not visible, the integration does not support manual runs.
The Trigger Manual Run window will be displayed.The Start and End dates will tell the ThreatQ platform to pull new and updated information published by the feed provider for that time range.
Some feeds, such as TAXII 2.0 and 2.1 feeds, only support a Start Date.
- Enter values into the Start and End Date fields and click the Queue Run button.