
TQAdmin Configuration

TQAdmin allows you to configure the following options during your initial ThreatQ install and to update these options after the initial install:

  • OpenDXL (requires a ThreatQ Data Exchange license)
  • TAXII (requires a ThreatQ Data Exchange license)
  • SSL Certificate
  • CAC/mTLS

Configuring OpenDXL

The ThreatQ Data Exchange (TQX) product license provides access to both OpenDXL and TAXII server functionality.  For those customers who do not wish to use both, TQAdmin allows you to enable/disable OpenDXL and TAXII separately.  This allows you to focus your system resources on the functionality you want to use.

  1. Access the ThreatQ host command line via SSH or console.
  2. Run the following command:
    sudo /usr/local/bin/tqadmin configure

    The TQAdmin configure command displays a series of prompts.

    To prevent undesired changes to your system, you must enter a response for each prompt based on your current system configuration.  For example, if your organization uses ThreatQ Data Exchange's TAXII functionality you must enter "yes" for the Do you want to enable TAXII prompt.

  3. To use your own SSL certificate for the ThreatQ interface, populate the following:
    Prompt: Do you want to enable OpenDXL (TQX)? (yes/no)
    Description: Enter yes to enable ThreatQ Data Exchange's OpenDXL functionality.  Enter no to disable this functionality.
  4. When prompted, enter your YUM username and password.
  5. Run the following command to save and apply your changes:
    sudo /usr/local/bin/tqadmin reapply

Configuring TAXII

  1. Access the ThreatQ host command line via SSH or console.
  2. Run the following command:
    sudo /usr/local/bin/tqadmin configure

    The TQAdmin configure command displays a series of prompts.

    To prevent undesired changes to your system, you must enter a response for each prompt based on your current system configuration.  For example, if your organization uses ThreatQ Data Exchange's OpenDXL functionality you must enter "yes" for the Do you want to enable OpenDXL prompt.

  3. To use your own SSL certificate for the ThreatQ interface, populate the following:
    Prompt: Do you want to enable the embedded TAXII server? (yes/no)
    Description: Enter yes to enable ThreatQ Data Exchange's TAXII server functionality.  Enter no to disable this functionality.
  4. When prompted, enter your YUM username and password.
  5. Run the following command to save and apply your changes:
    sudo /usr/local/bin/tqadmin reapply

 

Configuring a Web Server Certificate

The following steps allow you to update the SSL certificate from the default self-signed certificate used for the ThreatQ user interface.

  1. Move your SSL certificate file to a directory on your ThreatQ instance.
  2. Access the ThreatQ host command line via SSH or console.
  3. Run the following command:
    sudo /usr/local/bin/tqadmin configure

    The TQAdmin configure command displays a series of prompts.

    To prevent undesired changes to your system, you must enter a response for each prompt based on your current system configuration.  For example, if your organization uses ThreatQ Data Exchange's OpenDXL functionality you must enter "yes" for the Do you want to enable OpenDXL prompt.

  4. To use your own SSL certificate for the ThreatQ interface, populate the following:
    Prompt: Do you want to use your own SSL certificate? (yes/no):
    Description: Enter yes.

    Prompt: Enter the file path for your certificate
    Description: Enter the path for your SSL certificate.
    Example: /etc/threatq-certs/mycert.pem

    Prompt: Enter the file path for your private key
    Description: Enter the path for the SSL certificate's private key.
    Example: /etc/threatq-certs/mykey.pem
  5. When prompted, enter your YUM username and password.
  6. Run the following command to save and apply your changes:
    sudo /usr/local/bin/tqadmin reapply
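
Before entering the certificate and key paths at the prompts above, it helps to confirm that the two files belong together and that the certificate has not expired. The shell function below is an added example, not part of ThreatQ or tqadmin; the name check_tls_pair and its return codes are hypothetical, it assumes the openssl CLI and unencrypted PEM files, and the permission warning reflects general practice rather than a documented ThreatQ requirement.

```sh
#!/bin/sh
# Added example: pre-flight check for the certificate and private key whose
# paths are entered at the tqadmin prompts. check_tls_pair and its return
# codes are hypothetical; this is not part of tqadmin.
# Returns: 0 OK, 1 missing/unparseable file, 2 key mismatch, 3 expired.
check_tls_pair() {
    cert=$1
    key=$2

    # Both files must exist and be readable by the current user.
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "error: cannot read $cert or $key" >&2
        return 1
    fi

    # Derive the public key from each file. A failure means the file is not
    # a PEM certificate / unencrypted PEM private key (assumption: no passphrase).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 1

    # The pair is usable only if both files carry the same public key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "error: private key does not match certificate" >&2
        return 2
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "error: certificate has expired" >&2
        return 3
    fi

    # General practice, not a documented ThreatQ requirement: warn when the
    # key is readable by group or other.
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "warning: $key is readable by group or other" >&2
    fi

    # Show what is about to be installed.
    openssl x509 -in "$cert" -noout -subject -enddate
    return 0
}

# Usage: sh check_tls_pair.sh /etc/threatq-certs/mycert.pem /etc/threatq-certs/mykey.pem
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```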

 

Configuring SSL Client Certificate Authentication

  1. Move your CA certificate file to a directory on your ThreatQ instance.
  2. Access the ThreatQ host command line via SSH or console.
  3. Run the following command:
    sudo /usr/local/bin/tqadmin configure

    The TQAdmin configure command displays a series of prompts.

    To prevent undesired changes to your system, you must enter a response for each prompt based on your current system configuration.  For example, if your organization uses ThreatQ Data Exchange's OpenDXL functionality you must enter "yes" for the Do you want to enable OpenDXL prompt.

  4. To enable SSL Client Certification, populate the following:
    Prompt: Do you want to enable CAC/mTLS? (yes/no):
    Description: Enter yes.

    Prompt: Enter the file path for your certificate:
    Description: Enter the path for your CA Certificate.
    Example: /tmp/mycert.pem

    Prompt: Enter the FQDN of the server:
    Description: Enter the FQDN of the server.
    Example: myserver.threatq.com
  5. When prompted, enter your YUM username and password.
  6. Run the following command to save and apply your changes:
    sudo /usr/local/bin/tqadmin reapply

  7. After your changes are saved, the CAC/PV SSL tab in the User Management page displays a status of Currently Enabled.
  8. Now that SSL Client Certificate Authentication is enabled, use one of the following methods to add a certificate fingerprint to your profile.

    Until you add a certificate fingerprint to your user profile, each time you access a new ThreatQ page you will be prompted to select a certificate.

    • Log out of ThreatQ and add your certificate fingerprint during log in.
    • Use the System Users tab to add your certificate fingerprint to your user profile.
  9. Use one of the following methods to add certificate fingerprints for users:
    • Users can add their own certificate fingerprint during their next login.  If needed, you can set up usernames and passwords in the System Users tab on the User Management page.
    • Maintenance or Administrative users can use the System Users tab to add the new certificate fingerprint to user profiles.