Posted: 15th April 2022

Product Overview

The ThreatQ open and extensible threat intelligence platform integrates disparate security technologies into a single security infrastructure, automating actions and workflows so that tools and people can work in unison. Empowered with continuous prioritization based on their organization’s unique risk profile, security teams can focus resources on the most relevant threats, and collaboratively investigate and respond with the aim of taking the right actions faster.

Challenges Overcome Through Integration

  • Integrates with Recorded Future entity risk lists, which enables real-time threat intel consumption
  • Ability to customize which components of Recorded Future datasets are needed for correlation against internal telemetry data
  • On-demand enrichment, allowing users to gain more context on IoCs
  • Regularly scheduled runs of risk lists to ensure you are staying up to date on emerging threats

Integration Description

ThreatQ integrates with various Recorded Future API endpoints in order to enable users to gain context and correlate behavior within their ThreatQ environment. The integration supports the following actions:

  • Domain Risk List & Lookup
  • IP Risk List & Lookup
  • URL Risk List & Lookup
  • Vulnerability Risk List & Lookup
  • Hash Risk List & Lookup
  • Analyst Notes
  • Alerts

Additionally, a ThreatQ enrichment operation allows a ThreatQ user to add geolocation attributes and related indicators (if available) of IP Addresses within ThreatQ.