• Orchestration

  • All Categories

  • Enrichment & Analysis

  • Intel Feeds
    • Commercial Intelligence
    • Open Source Intelligence

  • AI

  • Orchestration

  • SIEM & Log

  • Ticketing

  • EDR

  • Sandbox

  • Threat Prevention

  • Library

  • Network Management

  • Vulnerability Management

Sort by

Popular Newest Recently Updated A-Z Z-A

Back

Trellix TIE Connector

The integration will pull the indicator hashes from the ThreatQ Threat Library and push them to the TIE Server

Version

1.4.1

Categories

Orchestration

Download

ThreatQ Supported

Splunk Phantom Operation

The Phantom App for ThreatQ enables customers to use the ThreatQ Threat LibraryTM as a customized en

Version

2.1.0

Categories

Orchestration

Download

ThreatQ Supported

CORTEX XSOAR Integration for ThreatQ

XSOAR is a security automation and orchestration platform that integrates with ThreatQ

Categories

Orchestration

Developer Supported

Google Chronicle SOAR

The Google Chronicle SOAR integration uses threat data in ThreatQ to enrich Google Chronicle SOAR.

Categories

Orchestration

Developer Supported

Splunk SOAR App for ThreatQ

The Splunk SOAR App for ThreatQ allows a user to execute a variety of actions on ThreatQ playbook.

Categories

Orchestration

ThreatQ Supported

MISP Operation

The MISP Operation for ThreatQ enables analysts to export Events from ThreatQ into MISP, along with related context.

Version

1.1.0

Categories

Orchestration

Download

ThreatQ Supported

Resilient Operation

The ThreatQuotient for Resilient Operation allows a ThreatQ user to create Resilient tickets directly from within ThreatQ.

Version

1.2.0

Categories

Orchestration

Download

ThreatQ Supported

VirusTotal Action Bundle

The VirusTotal Action submits a collection of FQDN and supported objects to the VirusTotal API in individual HTTP Requests. VirusTotal returns a response for each object containing any information it has about the indicator.

Version

1.2.0

Categories

Orchestration

Download

ThreatQ Supported

Shodan Action

The Shodan action for ThreatQ submits a data collection of IP Address objects to the Shodan API. The Shodan API queries the submitted IPs for any services running and returns related threat intelligence to be ingested into the ThreatQ library.

Version

1.0.2

Categories

Orchestration

Download

ThreatQ Supported

IPInfo Action

The IPInfo action submits a collection of supported indicators of compromise (IOC) to the IPInfo API in the form of individual HTTP Requests. IPInfo returns a response for each object containing any information it has about the IOC.

Version

1.0.2

Categories

Orchestration

Download

ThreatQ Supported

GreyNoise Community Action

The GreyNoise Community Action submits a collection of IP Addresses to the GreyNoise Community API in individual HTTP Requests. GreyNoise returns a response for each object containing any information they have about the indicator. A sample response can be found within this file.

Version

1.0.3

Categories

Orchestration

Download

ThreatQ Supported

abuse.ch MalwareBazaar Action

The abuse.ch Malwarebazaar action submits data collection containing MD5, SHA-1 and SHA-256 IOCs to abuse.ch MalwareBazaar and returns Indicators, TTPs and Malware. The abuse.ch MalwareBazaar queries the submitted objects for enrichment and returns related threat intelligence to be ingested into the ThreatQ library.

Version

1.1.0

Categories

Commercial Intelligence,Orchestration

Download

ThreatQ Supported

CrowdStrike Insight EDR Action Bundle

The CrowdStrike Insight EDR Bundle provides action that submit data collections containing IP Address, SHA-1, SHA-256 and MD5 IOCs to CrowdStrike Insight EDR. The integration queries the submitted objects for enrichment and returns related threat intelligence to be ingested into the ThreatQ library.

Version

1.1.0

Categories

Orchestration

Download

ThreatQ Supported

Fortinet FortiSOAR

The ThreatQ connector facilitates automated interactions, using FortiSOAR™ playbooks.

Categories

Orchestration

Developer Supported

Tenable Vulnerability Management Action Bundle

The actions included with the Tenable.io Action Bundle integrate with the Tenable.io API and provide visibility into the assets and vulnerabilities for an organization. The actions can run scans to identify vulnerabilities and submit data from a collection to retrieve vulnerability data for ingestion into the ThreatQ library.

Version

1.2.0

Categories

Orchestration

Download

ThreatQ Supported

ThreatQ ACE Operation

The ThreatQ ACE operation utilizes the ThreatQ ACE library for parsing unstructured text for contextual intelligence such as IOCs, malware, adversaries, and tags.

Version

1.1.2

Categories

Orchestration,Artificial Intelligence

Download

ThreatQ Supported

First EPSS Action

The First EPSS action submits a data collection containing CVE IOCs to First EPSS and returns enriched IOCs and relevant attributes.

Version

1.0.0

Categories

Orchestration,Vulnerability Management,Enrichment & Analysis

Download

ThreatQ Supported

ThreatQ Action Bundle for Microsoft Azure Sentinel

The ThreatQ Action Bundle for Microsoft Azure Sentinel provides actions that are used to enrich a specific collection and to add or delete them to/from your Microsoft Azure Sentinel instance.

Version

1.1.4

Categories

Orchestration

Download

ThreatQ Supported

Palo Alto Firewall Export

ThreatQuotient makes it easy for customers to export IOCs to their Palo Alto Firewall.

Categories

Network Management,Orchestration

ThreatQ Supported

VMware Carbon Black EDR Action Bundle

VMware Carbon Black EDR is an incident response and threat hunting solution designed for Security Operations Center teams with offline environment requirements. VMware Carbon Black EDR continuously records and stores endpoint activity data so security professionals can hunt threats in real time and visualize the complete attack kill chain, using the VMware Carbon Black Cloud’s aggregated threat intelligence.

Version

1.2.0

Categories

Orchestration

Download

ThreatQ Supported

• 1
• 2
• 3
• 4
• 5