/
/
Loginsoft builds expertise in integrating Threat Intelligence source with ThreatQuotient's Threat Intelligence Platform

Loginsoft builds expertise in integrating Threat Intelligence source with ThreatQuotient's Threat Intelligence Platform

Article
August 13, 2020
Profile Icon

Jason Franscisco

ThreatQ platform has taken a threat-centric approach to security operations. This approach allows security teams to prioritize based on threat and risk, collaborate across teams, automate actions and workflows, and integrate point products into a single security infrastructure.

ThreatQ Open Exchange includes a Configuration Driven Feed (CDF), Software Development Kit (SDK), easy-to-use Application Programming Interface (API) and a comprehensive set of industry-standard interfaces to fully integrate with the equipment, tools, technologies, people, organizations and processes that protect your business.

Loginsoft developed an Integration App to ingest Threat Intelligence Feed into the ThreatQ platform. Integration App is developed using ThreatQ's Open Exchange Framework that allows building a powerful and robust definitions to ingest Threat Intelligence data from a Feed Provider.

Integration Highlights:

  1. Integration Development:
  • Develop Configuration Driven Feed (CDF) that can be used to ingest a Threat Intelligence Feed
  • Configure the new Feed in ThreatQ platform (like providing API Key, Feed Run Frequency etc.)
  • Feed will automatically run at a configured interval and pull the data from the Threat Intelligence Source
  • Incoming Feed data is mapped to ThreatQ platform specific fields and incoming IoCs with attributes are saved in ThreatQ platform
  • Relationships/Associations are established between objects
    Example: Associate an MD5 (123456789abcdefghijklmnopqrstuvw) with an Adversary (APT40)
  • MITRE ATT&CK information, if any, is saved as Tactics, Techniques and Procedures (TTPs) in ThreatQ platform
  • Complete Quality Assurance (QA) process
  • Create User Manual
  • Package deliverables -YAML File and User Manual

        2. Submit Integration for Approval:

            Integration is submitted to ThreatQuotient’s Engineering team for approval. This includes providing Feed Details, Publisher, Feed Type (Commercial or Open Source Intelligence), Vendor Logo, YAML file and User Manual

  1. ThreatQuotient’s Engineering Review and Approval:
    Validation of the integration against the CDF Best Practices listInspection of submitted data mappings and the CDF for data integrity concerns and general user experience and usabilityGeneral Feed Run performanceSubmitted data mappings are converted into a ThreatQ Help Center documentAfter final tweaks, the CDF will be considered Approved and merged to Engineering’s Feed Definitions repository
  1. Integration Release:
    Approved Integration is published to the ThreatQ marketplace https://marketplace.threatq.com/

Here is a look inside the ThreatQ platform with the Threat Intelligence Feed added.

Sample screen that shows ThreatQ’s Threat Library (like Adversaries, Attack Patterns, Campaigns, Indicators, Intrusion Sets, Malware, Signatures, TTPs and Vulnerabilities etc.).

ThreatQ platform with the Threat Intelligence Feed added

Sample IP Address Indicator with Attributes.

Sample IP Address Indicator with Attributes on ThreatQ Platform

Explore Cybersecurity Platforms

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.

Learn more
white arrow pointing top right

About Loginsoft

For over 16 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.

Loginsoft is a leading Cybersecurity services company providing Security Advisory Research to generate metadata for vulnerabilities in Open source components, Discovering ZeroDay Vulnerabilities, Developing Vulnerability Detection signatures using MITRE OVAL Language.

Expertise in Integrations with Threat Intelligence and Security Products, integrated more than 200+ integrations with leading TIP, SIEM, SOAR and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar, IBM Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency APIs with Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet and so on.

Interested to learn more? Let’s start a conversation.

Book a meeting

IN-HOUSE EXPERTISE

Latest Articles

Get practical solutions to real-world challenges, straight from experts who conquered them.

View all our articles

Sign up to our Newsletter