The ThreatQ Investigations Action integration allows managers to automatically create and assign investigations to users for incoming data.

The integration provides the following action:

• ThreatQ - Create Investigations - automatically creates investigations for incoming intelligence objects.

The action is compatible with the following system object types:

• Adversaries
• Assets
• Attack Patterns
• Campaigns
• Courses of Action
• Events
• Exploit Targets
• Identities
• Incidents
• Intrusion Sets
• Malware
• Reports
• Tools
• TTPs
• Vulnerabilities

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.