QRadar Operation

IBM QRadar Operation provides a historical lookup of events related to an IP address.

Version

1.2.2

Categories

SIEM & Log

Phishtank

PhishTank is a free community site where anyone can submit, verify, track and share phishing data.

Version

2.0.0

Categories

Open Source Intelligence

Qualys Scanner

The vulnerabilities scanner connector collects any discovered CVEs in recently executed Qualys scans, and ingests them in (On Prem and Cloud)

Version

1.2.3

Categories

Commercial Intelligence

Phishlabs

Returns a list of incidents and indicators.

Version

1.0.0

Categories

Commercial Intelligence

Farsight Security Operation

Joint solution of ThreatQ and Farsight Security allows organizations to quickly enrich threat data

Version

1.0.4

Categories

Enrichment & Analysis

Fidelis Elevate Operation

Enrichment operation that has multiple functions

Version

1.1.1

Categories

Enrichment & Analysis

Sekoia

This Feed integrates with Sekoia's InThreat Intelligence Center API as described in Sekoia's Documentation.

Version

1.1.1

Categories

Commercial Intelligence

Spamhaus Feeds

Ingests IOCs from Spamhaus Don't Route Or Peer List (DROP) and Spamhaus Extended DROP List (EDROP)

Version

1.0.1

Categories

Open Source Intelligence

Symantec Management Center

Exports indicators of compromise from ThreatQ to a Symantec Management Center cloud instance.

Version

1.0.0

Categories

Commercial Intelligence

Flashpoint CVE

Integration ingests vulnerabilities (CVEs) and their related objects.

Version

1.1.0

Categories

Commercial Intelligence

Soltra Edge Operation

The ThreatQuotient for Soltra Edge Operation provides data export capability between a source object

Version

1.1.1

Categories

Enrichment & Analysis

DomainTools

The ThreatQuotient for DomainTools Operation provides context in the form of attributes and indicato

Version

2.1.0

Categories

Enrichment & Analysis

McAfee AR Operation

This operation enables analysts to query a McAfee Active Response instance for IP addresses and Hashes (MD5, SHA-1 and SHA-256). The search is done via a McAfee ePO. Any search results can be added as related indicators and/or attributes to the enriched indicator.

Version

2.0.3

Categories

Enrichment & Analysis

Checkpoint Sandblast

The Checkpoint Sandblast Operation enables a user to submit files, hashes, and URLs to Checkpoint for analysis. Users can then choose to add these objects to their ThreatQ instance.

Version

1.0.0

Categories

Threat Prevention

FireEye CMS

The FireEye CMS connector pulls alerts from FireEye CMS and uploads the data as indicators and event

Version

3.4.1

Categories

Enrichment & Analysis

CORTEX XSOAR Integration for ThreatQ

XSOAR is a security automation and orchestration platform that integrates with ThreatQ

Version

1.X.X

Categories

Orchestration

Malpedia

Allows users to ingest Malware, Actors, and YARA Rules from Malpedia

Version

1.0.0

Categories

Open Source Intelligence

Exploit DB Connector

The ThreatQuotient for Exploit DB Connector imports Exploit DB exploits into ThreatQ. Included with

Version

1.1.0

Categories

Open Source Intelligence

Cybereason Operation

Cybereason Operation

Version

1.0.0

Categories

Enrichment & Analysis

McAfee Web Gateway Operation

The McAfee Web Gateway operation enables analysts to query McAfee Web Gateway for reputation information on network indicators (IP Address, FQDN, URL). The search is performed via a McAfee ePO. Any search results can be added as related indicators and/or attributes to the enriched indicator.

Version

1.0.1

Categories

Commercial Intelligence