ThreatQ platform has taken a threat-centric approach to security operations. This approach allows security teams to prioritize based on threat and risk, collaborate across teams, automate actions and workflows, and integrate point products into a single security infrastructure.

ThreatQ Open Exchange includes a Configuration Driven Feed (CDF), Software Development Kit (SDK), easy-to-use Application Programming Interface (API) and a comprehensive set of industry-standard interfaces to fully integrate with the equipment, tools, technologies, people, organizations and processes that protect your business.

Loginsoft developed an Integration App to ingest Threat Intelligence Feed into the ThreatQ platform. Integration App is developed using ThreatQ’s Open Exchange Framework that allows building a powerful and robust definitions to ingest Threat Intelligence data from a Feed Provider.

Integration Highlights:

  1. Integration Development:
    • Develop Configuration Driven Feed (CDF) that can be used to ingest a Threat Intelligence Feed
    • Configure the new Feed in ThreatQ platform (like providing API Key, Feed Run Frequency etc.)
    • Feed will automatically run at a configured interval and pull the data from the Threat Intelligence Source
    • Incoming Feed data is mapped to ThreatQ platform specific fields and incoming IoCs with attributes are saved in ThreatQ platform
    • Relationships/Associations are established between objects
      • Example: Associate an MD5 (123456789abcdefghijklmnopqrstuvw) with an Adversary (APT40)
    • MITRE ATT&CK information, if any, is saved as Tactics, Techniques and Procedures (TTPs) in ThreatQ platform
    • Complete Quality Assurance (QA) process
    • Create User Manual
    • Package deliverables -YAML File and User Manual
  2. Submit Integration for Approval:
    • Integration is submitted to ThreatQuotient’s Engineering team for approval. This includes providing Feed Details, Publisher, Feed Type (Commercial or Open Source Intelligence), Vendor Logo, YAML file and User Manual
  3. ThreatQuotient’s Engineering Review and Approval:
    • Validation of the integration against the CDF Best Practices list
    • Inspection of submitted data mappings and the CDF for data integrity concerns and general user experience and usability
    • General Feed Run performance
    • Submitted data mappings are converted into a ThreatQ Help Center document
    • After final tweaks, the CDF will be considered Approved and merged to Engineering’s Feed Definitions repository
  4. Integration Release:

Here is a look inside the ThreatQ platform with the Threat Intelligence Feed added.

Sample screen that shows ThreatQ’s Threat Library (like Adversaries, Attack Patterns, Campaigns, Indicators, Intrusion Sets, Malware, Signatures, TTPs and Vulnerabilities etc.).

ThreatQ platform with the Threat Intelligence Feed added

Sample IP Address Indicator with Attributes.

Sample IP Address Indicator with Attributes on ThreatQ Platform

About Loginsoft:

For over 15 years, leading companies in Telecom, Cybersecurity, Healthcare, Finance, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.

Let’s start a conversation.

Connect Now