FireEye EX Connector

This bi-directional integration 1) uploads YARA rules from a saved search in ThreatQ to FireEye, and 2) searches FireEye EX for alerts and creates events from those alerts in ThreatQ, including any indicators found in the alerts.

Version

1.2.1

Categories

Commercial Intelligence

QRadar Operation

IBM QRadar Operation provides a historical lookup of events related to an IP address.

Version

1.2.2

Categories

SIEM & Log

Hortonworks Cybersecurity Platform (HCP) Connector

Integrates ThreatQ with the Kafka brokers installed in HCP

Version

1.1.3

Categories

SIEM & Log

Phishtank

PhishTank is a free community site where anyone can submit, verify, track and share phishing data.

Version

2.0.0

Categories

Open Source Intelligence

Qualys Scanner

The vulnerabilities scanner connector collects any discovered CVEs in recently executed Qualys scans, and ingests them in (On Prem and Cloud)

Version

1.2.3

Categories

Commercial Intelligence

SlashNext Phishing Intelligence

Integrates ThreatQ with SlashNext Agentless Phishing Defense to speed threat identification and operationalize blocking in network controls.

Version

1.0.1

Categories

Commercial Intelligence

MISP COVID 19

Provides warning lists for COVID-19 related whitelist feeds.

Version

1.0.1

Categories

Open Source Intelligence

GreyNoise Operation

The GreyNoise Operation for ThreatQ allows ThreatQ users to query GreyNoise for additional indicator context.

Version

1.0.0

Categories

Enrichment & Analysis

Malware Patrol Intelligence

This Malware Patrol Connector ingests threat intelligence data from seven Malware Patrol feeds. The

Version

2.0.0

Categories

Commercial Intelligence

Spamhaus Feeds

Ingests IOCs from Spamhaus Don't Route Or Peer List (DROP) and Spamhaus Extended DROP List (EDROP)

Version

1.0.1

Categories

Open Source Intelligence

Cofense Intelligence

Cofense Intelligence enables you to normalize, relate, enrich and track phishing threats.

Version

1.0.5

Categories

Commercial Intelligence

Bulk Apply Relationships

The Bulk Apply Relationships for ThreatQ integration allows a ThreatQ user to apply relationships to any objects in a data collection.

Version

1.1.0

Categories

Commercial Intelligence

Microsoft Azure Sentinel Incidents CDF

Sentinel is a project of Microsoft Azure with the goal of alerting SOCs to potential compromise. This feed retrieves those incidents.

Version

1.0.0

Categories

Enrichment & Analysis

Digital Shadows Intelligence CDF

Ingest private and public incidents, as well as public threats from Digital Shadows

Version

1.1.0

Categories

Commercial Intelligence

Soltra Edge Operation

The ThreatQuotient for Soltra Edge Operation provides data export capability between a source object

Version

1.1.1

Categories

Enrichment & Analysis

MSSP Pull Connector

The MSSP Pull connector is used to pull IOCs from a ThreatQ Threat Library Data Collection.

Version

2.2.0

Categories

Commercial Intelligence

FireEye CMS

The FireEye CMS connector pulls alerts from FireEye CMS and uploads the data as indicators and event

Version

3.4.1

Categories

Enrichment & Analysis

Metasploit Exploit

Consume data about exploits available in the Metasploit Framework.

Version

1.0.0

Categories

Commercial Intelligence

Cybereason Operation

Cybereason Operation

Version

1.0.0

Categories

Enrichment & Analysis

Proofpoint ET Intelligence (Open Source)

Ingest Block IP and Compromised IP list. (Open Source)

Version

1.0.0

Categories

Open Source Intelligence