The ThreatQ Bulk Changes Action Bundle allows you to automate the bulk update process of your system objects by creating a workflow that will execute bulk updates on objects that meet the specified criteria.

The integration provides the following actions:

• Add / Remove Tags - add or remove Tags for an object in the Threat Library.
• Add / Remove Attributes - add or remove Attributes for an object in the Threat Library.
• Change Status - change the Status of Indicators, Events, Malware, Reports, Signatures, and Tasks in the Threat Library.
• Change Expiration Policy - change the Expiration Policy for Indicators in the Threat Library.
• Add / Remove Relationships - add or remove Relationships for an object in the Threat Library.
• Change Point of Contact - change the Point of Contact from the Threat Library.

The action is compatible with the following system object types:

• Adversaries
• Assets
• Attack Patterns
• Campaigns
• Courses of Action
• Events
• Exploit Targets
• Files
• Identities
• Indicators
• Intrusion Sets
• Malware
• Reports
• Signatures
• Tools
• TTPs
• Vulnerabilities

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.