The ThreatQ open and extensible threat intelligence platform integrates disparate security technologies into a single security infrastructure, automating actions and workflows so that tools and people can work in unison. Empowered with continuous prioritization based on their organization’s unique risk profile, security teams can focus resources on the most relevant threats, and collaboratively investigate and respond with the aim of taking the right actions faster.
ThreatQ integrates with various Recorded Future API endpoints in order to enable users to gain context and correlate behavior within their ThreatQ environment. The integration supports the following actions:
Additionally, a ThreatQ enrichment operation allows a ThreatQ user to add geolocation attributes and related indicators (if available) of IP Addresses within ThreatQ.