McAfee ATD Connector

McAfee ATD Connector for TQ.

Version

1.1.0

Categories

Commercial Intelligence, Threat Prevention

Bulk Apply Attributes

The Bulk Apply Attributes connector allows a ThreatQ user to apply attributes (with a custom source/TLP) to any objects in a data collection.

Version

1.1.0

Categories

Commercial Intelligence

Cybereason Connector

Enables users to automatically bulk-add blacklisted IOCs to Cybereason's reputation list.

Version

1.0.0

Categories

Enrichment & Analysis

FireEye Operation

The ThreatQuotient for FireEye Intelligence Operation lets ThreatQ users search for indicators in FireEye Intelligence reports.

Version

1.0.0

Categories

Enrichment & Analysis

Cisco Threat Response (SecureX) - Operation

The Cisco Threat Response Operation for ThreatQuotient enables a user to query Cisco Threat Response for contextual information on a given indicator of compromise.

Version

1.0.0

Categories

Enrichment & Analysis

VMware Carbon Black Response EDR Operation

Integration for Enrichment and Analysis with the EDR

Version

1.2.1

Categories

Enrichment & Analysis, EDR

IBM X-Force Exchange Operation

Provides Data Enrichment of indicators of compromise via the IBM X-Force Exchange.

Version

1.1.1

Categories

Enrichment & Analysis

ThreatQuotient Add-on for Splunk

The ThreatQuotient Add-On for Splunk

Version

N/A

Categories

SIEM & Log

Microsoft COVID-19 Threat Indicators

Microsoft open-sourcing new COVID-19 threat intelligence

Version

1.0.0

Categories

Open Source Intelligence

Fortinet FortiSIEM Connector

The Fortinet FortiSIEM connector is a uni-directional integration that imports incidents from Fortinet FortiSIEM as events into ThreatQ. The integration allows users to query Fortinet FortiSIEM based on a relative time frame, e.g. last 2 hours, last 8 hours, etc.

Version

1.0.0

Categories

Commercial Intelligence

Censys Operation

Enriches ThreatQ system objects with context obtained from the Censys API.

Version

1.0.0

Categories

Enrichment & Analysis, Commercial Intelligence

Snort Community Rules

The ThreatQuotient for Snort Community Rules Application downloads and ingests the Snort community r

Version

1.1.1

Categories

Open Source Intelligence

Veris VCDB

The VERIS Community Database (VCDB) is an open and free repository of publicly-reported security incidents.

Version

1.0.0

Categories

Open Source Intelligence

AlienVault OTX Pulse Operation

The ThreatQuotient for AlienVault OTX Pulse Operation allows a ThreatQ user to query AlienVault for

Version

1.0.1

Categories

Enrichment & Analysis

Team Cymru Controller Feed

Team Cymru Controller feed provides visibility into botnets that typically evade monitoring.

Version

1.0.0

Categories

Commercial Intelligence

MITRE ATT&CK CAPEC CDF

The MITRE ATT&CK CAPEC CDF for ThreatQuotient enables the automatic ingestion of Common Attack Pattern Enumerations and Classifications distributed by MITRE.

Version

1.0.0

Categories

Open Source Intelligence, Intelligence Reports

Digital Element NetAcuity

Enrichment operation to geolocate and provide network information for IP addresses from the NetAcuity database.

Version

1.0.0

Categories

Enrichment & Analysis

Cisco AMP for Endpoints Connector

The Cisco AMP for Endpoints Integration for ThreatQ allows a user to automatically export hashes to a Cisco AMP for Endpoints blacklist.

Version

1.0.0

Categories

Enrichment & Analysis, EDR

Mr.Looquer IOCFeed

1st Dual Stack Threat Feed

Version

1.0.0

Categories

Open Source Intelligence

RSA NetWitness

ThreatQuotient connector with the RSA NetWitness Platform

Version

1.0.0

Categories

SIEM & Log