Browse Apps
Integration Documentation
  • Last Updated
    Dec 19, 2023
  • Version
    1.1.1
  • Compatibility
    ThreatQ Version >= 5.20.0

    • The Hive Action

    ThreatQuotient

    Overview

    The Hive Action enables a user to create cases in The Hive with ThreatQ indicators attached as case observables.

    The integration provides the following action:

    • The Hive Create Case - Creates cases and observables in The Hive based on ThreatQ objects. For each object an observable will be attached to the created case.

    The action is compatible with the following object types:

    • Adversaries
    • Assets
    • Attack Patterns
    • Campaigns
    • Course of Actions
    • Exploit of Targets
    • Identities
    • Indicators
    • ASN
    • IP Address
    • IPv6 Address
    • CIDR Block
    • MD5
    • SHA-1
    • SHA-256
    • SHA-384
    • SHA-512
    • URL
    • FQDN
    • Filename
    • Email Address
    • Email Subject
    • Intrusion Sets
    • Malware
    • Reports
    • Tools
    • TTPs
    • Vulnerabilities

    The action returns the following enriched system objects:

    • Adversaries
    • Assets
    • Attack Patterns
    • Campaigns
    • Course of Actions
    • Exploit of Targets
    • Identities
    • Indicators
    • Intrusion Sets
    • Malware
    • Reports
    • Tools
    • TTPs
    • Vulnerabilities

    Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved. Privacy Policy