
VMware Carbon Black Cloud Enterprise EDR Connector
Allows a user to export prioritized threat intelligence from ThreatQ into reports within Carbon Black Threat Hunter. Carbon Black Threat Hunter will match endpoint activity to the threat intelligence from ThreatQ and generate alerts.
Version
1.2.1
Categories
Commercial Intelligence, EDR
Cisco AMP for Endpoints Operation
This operation allows a ThreatQ user to execute 2 actions on their Cisco AMP for Endpoints instance. The first action allows users to submit a SHA-256 hash from ThreatQ to a Cisco AMP for Endpoints application block list. The second action allows users to query their Cisco AMP for Endpoints events for any hits on a specific SHA-256 hash.
Version
1.0.1
Categories
Enrichment & Analysis, EDR
Symantec Endpoint Protection Connector
This is a custom connector for a Symantec Endpoint Protection instance. This connector is meant to attach to a single Symantec Endpoint Protection instance. The connector's purpose is to send MD5 hashes in saved searches from ThreatQ into Symantec Endpoint Protection as a single user-specified file fingerprint list.
Version
1.0.0
Categories
Commercial Intelligence, EDR
VMware Carbon Black Protection Operation
The VMware Carbon Black Protection operation is used to apply policy rules to MD5, SHA-1 and SHA-256 hashes in CB Protection. The rules it can apply are ban, approve, or unapprove. When executed, the operation sends the selected hash from ThreatQ to CB Protection and applies the rule a Threat Analyst has selected.