  • Last Updated: Dec 2, 2025
  • Version: 1.0.0
  • Compatibility: ThreatQ versions >= 6.6.0
  • ExtraHop RevealX CDF

    ThreatQuotient

    Overview

    The ExtraHop RevealX CDF enables ThreatQ to automatically ingest high-fidelity threat intelligence and telemetry generated by ExtraHop RevealX, an advanced Network Detection and Response (NDR) platform. ExtraHop RevealX provides deep, agent-less visibility into network traffic—including encrypted traffic—using cloud-scale machine learning to identify advanced threats, anomalous behavior, and security hygiene issues in real time. By integrating detections, assets, and indicators of compromise from RevealX directly into ThreatQ, this CDF empowers security teams to enhance triage, accelerate investigations, and strengthen their response to threats across hybrid and multi-cloud environments.

    The integration provides the following feed:

    • ExtraHop RevealX Detections - retrieves, parses, and ingests ExtraHop RevealX detections, including contextual information about malicious or suspicious network activity and anomalies.

    The integration ingests the following object types:

    • Incidents
    • Events
    • Assets
    • Indicators
    • Attack Patterns
    • Tools
    • Malware

    Copyright © 2026, ThreatQuotient, Inc. All Rights Reserved.