
May 6, 2025
1.1.2
ThreatQ versions >= 5.5.0
SecAlliance ThreatMatch CDF
Overview
The SecAlliance ThreatMatch CDF enables analysts to automatically import alerts & profiles from ThreatMatch, along with related MITRE ATT&CK techniques, related threat actors, and other context.
The integration provides the following feeds:
- ThreatMatch Alerts - brings in alerts from ThreatMatch, along with any related context such as related profiles (malware, threat actors, campaigns, & incidents).
- ThreatMatch Alert Details (supplemental) - fetches details for a given Alert or ID.
- ThreatMatch Intelligence - brings in intelligence from ThreatMatch’s Profiles API. This will only bring in alerts if a profile has alerts related to it.
- ThreatMatch Profile Details (supplemental) - fetches details for a given Profile or ID.
The feeds ingest the following system objects:
- Adversaries
- Adversary Attributes
- Attack Patterns
- Campaigns
- Campaign Attributes
- Events
- Event Attributes
- Incidents
- Indicators
- Malware
- Malware Attributes