Phishtank

PhishTank is a free community site where anyone can submit, verify, track and share phishing data.

Version

2.0.0

Categories

Open Source Intelligence

Veris VCDB

The VERIS Community Database (VCDB) is an open and free repository of publicly-reported security incidents.

Version

1.0.0

Categories

Open Source Intelligence

Checkpoint Sandblast

The Checkpoint Sandblast Operation enables a user to submit files, hashes, and URLs to Checkpoint for analysis. Users can then choose to add these objects to their ThreatQ instance.

Version

1.0.0

Categories

Threat Prevention

ThreatQuotient Add-on for Splunk

The ThreatQuotient Add-On for Splunk

Version

N/A

Categories

SIEM & Log

AlienVault OTX Pulse Operation

The ThreatQuotient for AlienVault OTX Pulse Operation allows a ThreatQ user to query AlienVault for

Version

1.0.1

Categories

Enrichment & Analysis

Fidelis Elevate Operation

Enrichment operation that has multiple functions

Version

1.1.1

Categories

Enrichment & Analysis

Infoblox Grid

Adds and deletes IOCs (IP Address, FQDN and CIDR Block) to/from Infoblox DNS Response Policy Zone (RPZ). IOCs added to the RPZ are dropped/blocked by the DNS resolver.

Version

1.4.0

Categories

Network Management

Spamhaus Feeds

Ingests IOCs from the Spamhaus Don't Route Or Peer List (DROP) and the Spamhaus Extended DROP List (EDROP).

Version

1.0.1

Categories

Open Source Intelligence

Zerofox

Our Integration with Zerofox enables us to get curated threat intel.

Version

1.0.0

Categories

Commercial Intelligence

Flashpoint CVE

This integration ingests vulnerabilities (CVEs) and their related objects.

Version

1.1.0

Categories

Commercial Intelligence

McAfee AR Operation

This operation enables analysts to query a McAfee Active Response instance for IP addresses and Hashes (MD5, SHA-1 and SHA-256). The search is done via a McAfee ePO. Any search results can be added as related indicators and/or attributes to the enriched indicator.

Version

2.0.3

Categories

Enrichment & Analysis

US-Cert Tips CDF

This integration consumes data provided by the US CERT to notify organizations about threats that exist on the Internet.

Version

2.0.0

Categories

Open Source Intelligence

DomainTools COVID 19

Includes a curated list of high-risk COVID-19-related domains.

Version

1.0.0

Categories

Open Source Intelligence

Reversing Labs

This integration ingests YARA signatures (A1000) and information associated with matched malware samples.

Version

1.0.0

Categories

Commercial Intelligence

Proofpoint TAP Emails

The Proofpoint TAP (Targeted Attack Protection) Emails feed allows a user to ingest and relate the emails of users who have clicked on malicious links, as well as these malicious links and their senders, from the Proofpoint TAP SIEM endpoint.

Version

1.0.0

Categories

Enrichment & Analysis

NSFOCUS

NSFOCUS provides crucial threat intelligence and enriched data to the ThreatQ Platform which enable

Version

1.4.1

Categories

Commercial Intelligence

IBM X-Force Exchange Operation

Provides Data Enrichment of indicators of compromise via the IBM X-Force Exchange.

Version

1.1.1

Categories

Enrichment & Analysis

Tenable.io Operation

The ThreatQuotient for Tenable.io Operation queries Tenable.io for vulnerable hosts in an organizati

Version

1.1.0

Categories

Vulnerability Management

Malware Patrol Intelligence

This Malware Patrol Connector ingests threat intelligence data from seven Malware Patrol feeds. The

Version

2.0.0

Categories

Commercial Intelligence

ArcSight Case Management CDF

The ArcSight Case Management CDF for ThreatQuotient enables ThreatQ to automatically ingest cases, events, and indicators from ArcSight, ultimately alerting analysts to any threats within their environment.

Version

1.0.0

Categories

Enrichment & Analysis