  • Last Updated: Jun 21, 2023
  • Version: 2.3.1
  • Compatibility: ThreatQ versions >= 4.30.0

    Splunk SOAR App for ThreatQ

    Overview

    The Splunk SOAR App for ThreatQ allows a user to execute a variety of actions on ThreatQ from a Phantom playbook.

    With ThreatQ as a single source of truth for threat intelligence, you can accurately triage a sighting and, ultimately, make quicker decisions. This lets you shorten your response time and improve your ROI by focusing on what's important to your organization, instead of being inundated with sightings of non-malicious indicators.

    The app provides the following actions:

    • Query Indicators - Queries a list of indicators against ThreatQ.
    • Create Indicators - Creates indicators in ThreatQ.
    • Create Task - Creates a task in ThreatQ.
    • Create Event - Creates an event in ThreatQ based on the Phantom container metadata.
    • Create Spearphish - Creates a spearphish event in ThreatQ based on a spearphish email in the Phantom vault.
    • Upload File - Creates a file attachment in ThreatQ.
    • Start Investigation - Creates a ThreatQ Investigation in the ThreatQ platform.
    • Create Adversaries - Creates adversaries in ThreatQ.
    • Create Custom Objects - Creates custom objects in ThreatQ.
    • Add Attribute - Adds an attribute to a list of custom objects.
    • Set Indicator Status - Sets the status of an indicator in ThreatQ.
    • Add Tag - Adds a tag to an object in ThreatQ.
    • Add Comment - Adds a comment to an object in ThreatQ.


    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.