
Trellix TIE Connector

The integration pulls indicator hashes from the ThreatQ Threat Library and pushes them to the TIE Server.

Version

1.4.1

Categories

Orchestration

D3 Security

For security teams to successfully filter through a non-stop stream of alerts and identify the real

Categories

Orchestration

Splunk Phantom Operation

The Phantom App for ThreatQ enables customers to use the ThreatQ Threat Library™ as a customized en

Version

2.1.0

Categories

Orchestration

CORTEX XSOAR Integration for ThreatQ

XSOAR is a security automation and orchestration platform that integrates with ThreatQ

Categories

Orchestration

Google Chronicle SOAR

The Google Chronicle SOAR integration uses threat data in ThreatQ to enrich Google Chronicle SOAR.

Categories

Orchestration

Splunk SOAR App for ThreatQ

The Splunk SOAR App for ThreatQ allows a user to execute a variety of actions on ThreatQ playbook.

Categories

Orchestration

MISP Operation

The MISP Operation for ThreatQ enables analysts to export Events from ThreatQ into MISP, along with related context.

Version

1.1.0

Categories

Orchestration

Resilient Operation

The ThreatQuotient for Resilient Operation allows a ThreatQ user to create Resilient tickets directly from within ThreatQ.

Version

1.2.0

Categories

Orchestration

VirusTotal Action Bundle

The VirusTotal Action submits a collection of FQDN and supported objects to the VirusTotal API in individual HTTP Requests. VirusTotal returns a response for each object containing any information it has about the indicator.

Version

1.2.0

Categories

Orchestration

Shodan Action

The Shodan action for ThreatQ submits a data collection of IP Address objects to the Shodan API. The Shodan API queries the submitted IPs for any services running and returns related threat intelligence to be ingested into the ThreatQ library.

Version

1.0.2

Categories

Orchestration

IPInfo Action

The IPInfo action submits a collection of supported indicators of compromise (IOC) to the IPInfo API in the form of individual HTTP Requests. IPInfo returns a response for each object containing any information it has about the IOC.

Version

1.0.2

Categories

Orchestration

GreyNoise Community Action

The GreyNoise Community Action submits a collection of IP Addresses to the GreyNoise Community API in individual HTTP Requests. GreyNoise returns a response for each object containing any information they have about the indicator. A sample response can be found within this file.

Version

1.0.3

Categories

Orchestration

abuse.ch MalwareBazaar Action

The abuse.ch MalwareBazaar action submits a data collection containing MD5, SHA-1 and SHA-256 IOCs to abuse.ch MalwareBazaar and returns Indicators, TTPs and Malware. The abuse.ch MalwareBazaar queries the submitted objects for enrichment and returns related threat intelligence to be ingested into the ThreatQ library.

Version

1.1.0

Categories

Commercial Intelligence, Orchestration

CrowdStrike Insight EDR Action Bundle

The CrowdStrike Insight EDR Bundle provides actions that submit data collections containing IP Address, SHA-1, SHA-256 and MD5 IOCs to CrowdStrike Insight EDR. The integration queries the submitted objects for enrichment and returns related threat intelligence to be ingested into the ThreatQ library.

Version

1.1.0

Categories

Orchestration

Fortinet FortiSOAR

The ThreatQ connector facilitates automated interactions, using FortiSOAR™ playbooks.

Categories

Orchestration

Tenable Vulnerability Management Action Bundle

The actions included with the Tenable.io Action Bundle integrate with the Tenable.io API and provide visibility into the assets and vulnerabilities for an organization. The actions can run scans to identify vulnerabilities and submit data from a collection to retrieve vulnerability data for ingestion into the ThreatQ library.

Version

1.2.0

Categories

Orchestration

ThreatQ ACE Operation

The ThreatQ ACE operation utilizes the ThreatQ ACE library for parsing unstructured text for contextual intelligence such as IOCs, malware, adversaries, and tags.

Version

1.1.2

Categories

Orchestration, Artificial Intelligence

First EPSS Action

The First EPSS action submits a data collection containing CVE IOCs to First EPSS and returns enriched IOCs and relevant attributes.

Version

1.0.0

Categories

Orchestration, Vulnerability Management, Enrichment & Analysis

ThreatQ Action Bundle for Microsoft Azure Sentinel

The ThreatQ Action Bundle for Microsoft Azure Sentinel provides actions that are used to enrich a specific collection and to add or delete them to/from your Microsoft Azure Sentinel instance.

Version

1.1.4

Categories

Orchestration

Palo Alto Firewall Export

ThreatQuotient makes it easy for customers to export IOCs to their Palo Alto Firewall.

Categories

Network Management, Orchestration

Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.