Using the Agent

The Threat Research Agent enables you to interact with your ThreatQ data using natural language, allowing you to quickly query threat intelligence, retrieve object details, and enrich information using integrated tools. The agent leverages both your Threat Library and configured ThreatQ operations to provide contextual insights and actionable results.

You can access the agent in two ways.

• Agent Bubble - Open the agent window from the bottom-right corner of the platform to begin a manual query, or use the Insights button on an object’s details page to automatically launch the agent. 
  
  
• Insights Button - An Insights button is available on an object’s details page. Selecting this option opens the Agent modal and automatically initiates a query to retrieve information related to the selected object. This contextual awareness allows the agent to deliver more relevant and targeted responses.
  
  
  
  

After submitting a query, the agent provides a response along with suggested follow-up prompts to help you explore related data and gather additional intelligence.

The agent can also prompt you to perform enrichment actions powered by ThreatQ operations, which function as tools for the agent. These tools enable you to extend your analysis beyond the data currently available in your Threat Library. To be accessible, all operations must be fully configured and enabled within the ThreatQ platform.

Unlike standard ThreatQ operations, the agent can leverage these tools on both existing ThreatQ objects and external data that has not yet been ingested, offering greater flexibility in your analysis and research workflows.