
Cisco Threat Grid
The Cisco Threat Grid CDF connects ThreatQ to the Threat Grid sandbox, which detonates samples to generate analysis reports. The Cisco Threat Grid CDF for ThreatQ enables a user to ingest their organization's sample analysis reports from Threat Grid. These samples can be filtered by their threat score, so you can ingest only the detonations that your organization deems important to track.
Version
1.1.0
Categories
Commercial Intelligence, Sandbox
Cisco AMP for Endpoints Operation
This operation allows a ThreatQ user to execute two actions on their Cisco AMP for Endpoints instance. The first action allows users to submit a SHA-256 hash from ThreatQ to a Cisco AMP for Endpoints application block list. The second action allows users to query their Cisco AMP for Endpoints events for any hits on a specific SHA-256 hash.
Version
1.0.1
Categories
Enrichment & Analysis, EDR
Cisco Umbrella Action Bundle
The Cisco Umbrella actions for ThreatQ enable analysts to use Cisco Umbrella's APIs for enrichment. Analysts can enrich IOCs from their Threat Library with context from the Cisco Umbrella Investigate API, including, but not limited to, categorization, risk scores, hash samples, and WHOIS information.
Version
1.1.1
Categories
Orchestration
Cisco ESA Export IOC Action Bundle
The Cisco ESA Export IOC Action Bundle uses the AsyncOS API for Cisco Secure Email Gateway to enable users to add or delete Safelist and Blocklist entries. Cisco Secure Email Gateway is an email security solution that blocks spam and security threats from the internet and prevents the accidental or intentional leakage of customer data.