
Apr 16, 2024
1.1.0
ThreatQ versions >= 4.34.0
Cisco Threat Grid
Overview
The ThreatQ integration for Cisco Threat Grid pulls indicators from the Cisco Threat Grid API and supports both cloud-based and appliance-based Threat Grid deployments.
Understand and prioritize threats faster
Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware. With a robust, context-rich malware knowledge base, you will understand what malware is doing, or attempting to do, how large a threat it poses, and how to defend against it.
Bring your Threat Grid analysis data into ThreatQ as an internal intelligence source.
Cisco Threat Grid is a sandbox that detonates submitted samples and generates analysis reports. The Cisco Threat Grid CDF for ThreatQ lets you ingest your organization's own sample analysis reports from Threat Grid. Analyses can be filtered by their threat score, so you ingest only the detonations your organization deems important enough to track.
The CDF provides the following feeds:
- Cisco Threat Grid - ingests analyses as Report objects within ThreatQ. Metadata surrounding each report is included as attributes, along with any related indicators (IOCs) and TTPs and their associated attributes.
- Get Analysis (Supplemental) - fetches the full analysis report JSON from Threat Grid’s API.
The integration ingests the following system object types:
- Indicators
- Indicator Attributes
- Reports
- Report Attributes
- TTPs
- TTP Attributes
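The following is an added example, not code from ThreatQuotient or Cisco, illustrating the two steps the feed description above implies: applying a threat-score threshold to a batch of Threat Grid analyses, then mapping each surviving analysis into the object types listed (a Report with attributes, related Indicators with attributes, and related TTPs with attributes). The input records are constructed, and their field names (`threat_score`, `sha256`, `network.domains`, `behaviors[].mitre_id`) are illustrative assumptions rather than the real Threat Grid API schema; the 0-100 score range and the 75 default threshold are likewise assumptions. Indicators and TTPs are deduplicated across reports, so a domain seen in two detonations becomes one indicator related to two reports, which is the behaviour an analyst normally wants from an internal intelligence source.

```python
"""Added example (not ThreatQuotient's or Cisco's code): threat-score filtering
and mapping of Threat Grid analyses into ThreatQ-style objects.

Assumption: the records below are constructed and their field names are
illustrative, not the real Threat Grid API schema."""

from dataclasses import dataclass, field

# Constructed analysis summaries standing in for what the feed would pull.
SAMPLE_ANALYSES = [
    {
        "sample_id": "s-001",
        "filename": "invoice.exe",
        "sha256": "4f3c" * 16,  # constructed placeholder hash
        "threat_score": 95,
        "network": {"domains": ["c2.example"], "ips": ["203.0.113.5"]},
        "behaviors": [{"name": "run-key-persistence", "mitre_id": "T1547.001"}],
    },
    {
        "sample_id": "s-002",
        "filename": "notes.docx",
        "sha256": "9a0b" * 16,
        "threat_score": 20,  # below the threshold, must be dropped
        "network": {"domains": ["cdn.example"], "ips": []},
        "behaviors": [],
    },
    {
        "sample_id": "s-003",
        "filename": "loader.dll",
        "sha256": "77e1" * 16,
        "threat_score": 80,
        "network": {"domains": ["c2.example"], "ips": []},  # shares a domain with s-001
        "behaviors": [{"name": "run-key-persistence", "mitre_id": "T1547.001"}],
    },
]


@dataclass
class Indicator:
    type: str
    value: str
    attributes: dict = field(default_factory=dict)
    related_reports: list = field(default_factory=list)


@dataclass
class Report:
    title: str
    attributes: dict
    indicators: list  # (type, value) keys into the indicator table
    ttps: list        # TTP names


def filter_by_threat_score(analyses, min_score):
    """Keep analyses scoring at or above min_score.

    Scores are treated as integers in 0..100 (assumed Threat Grid scale).
    A missing or malformed score is skipped rather than ingested with a
    default, so bad upstream data never slips in as 'low risk'."""
    if not 0 <= min_score <= 100:
        raise ValueError("min_score must be within 0..100")
    kept = []
    for analysis in analyses:
        score = analysis.get("threat_score")
        if isinstance(score, int) and 0 <= score <= 100 and score >= min_score:
            kept.append(analysis)
    return kept


def ingest(analyses, min_score=75):
    """Map filtered analyses into Report / Indicator / TTP objects,
    deduplicating indicators and TTPs across reports."""
    reports, indicators, ttps = [], {}, {}
    for a in filter_by_threat_score(analyses, min_score):
        report = Report(
            title=f"Threat Grid analysis: {a['filename']} ({a['sample_id']})",
            attributes={"Threat Score": a["threat_score"], "Sample ID": a["sample_id"]},
            indicators=[], ttps=[],
        )
        # The detonated file itself plus everything it reached out to.
        observed = [("SHA-256", a["sha256"])]
        observed += [("FQDN", d) for d in a["network"].get("domains", [])]
        observed += [("IP Address", ip) for ip in a["network"].get("ips", [])]
        for key in observed:
            ind = indicators.setdefault(
                key, Indicator(*key, attributes={"Source": "Cisco Threat Grid"}))
            ind.related_reports.append(report.title)
            report.indicators.append(key)
        for b in a["behaviors"]:
            ttp = ttps.setdefault(b["name"], {
                "name": b["name"],
                "attributes": {"MITRE ATT&CK ID": b["mitre_id"]},
                "related_reports": [],
            })
            ttp["related_reports"].append(report.title)
            report.ttps.append(b["name"])
        reports.append(report)
    return {"reports": reports, "indicators": indicators, "ttps": ttps}


if __name__ == "__main__":
    result = ingest(SAMPLE_ANALYSES, min_score=75)
    for r in result["reports"]:
        print(r.title, r.attributes, r.indicators, r.ttps)
```

With the constructed input and the default threshold of 75, `s-002` is dropped, the domain `c2.example` appears once in the indicator table with two related reports, and the single persistence TTP carries its ATT&CK attribute and both report relationships.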