Current ThreatQ Version Filter

Requirements

The following is required in order to configure, enable, and use the Threat Research Agent.

  • ThreatQ version 6.18.0 or later.
  • A Threat Research Agent license - contact ThreatQ Sales or your Technical Account Manager (TAM) for more details.

    On-Premise Customers will need to enable the mcp and agent services in their terraform.tfvars file after applying the Threat Research Agent license to their ThreatQ instance using the steps below. ThreatQuotient will perform this task for ThreatQ hosted customer instances. 

    1. Open the terraform.tfvars file.
    2. Set the enable_mcp and enable_agent entries to true. The file should resemble: 
      enable_mcp: "true"
enable_agent: "true"
    3. Save the file and run TQAdmin to apply the changes to your ThreatQ instance. 
  • A tool-capable model from one of the following LLM providers listed below. The LLM provider token will be system-wide and can be utilized by all users with the appropriate roles/permissions.
    • OpenAI 
    • Anthropic
    • Google Gemini
    • Ollama

      The quality of results will depend on the selected LLM model.

  • The appropriate ThreatQ roles/permissions needed to access the agent and its tools. The agent will inherit the role/permissions of the user using it. For example, if you have an Administer role, the agent will have those permissions during that session.
    • Configuring and Enabling the Agent
      • Default Roles Required: Maintenance or Administrator
      • Custom Role: Administrative Functions - Edit System Configurations
    • Using the Agent
      • Default Roles Required: Maintenance, Administrator, or Primary Contributor
      • Custom Role: Agentic Assistance - Access MCP Server and Use Agentic Chat
    • Running Tools to Enrich Data
      • Default Roles Required: Maintenance, Administrator, or Primary Contributor
      • Custom Role: Integrations - Run Operations and Edit Integration Configurations

      Read Only roles will only have access to the MCP service. This will allow them to query data within ThreatQ but they will not have access to the Agent Service that uses the LLM models.