Loginsoft builds expertise in integrating Threat Intelligence source with ThreatQuotient's Threat Intelligence Platform

Article
August 13, 2020
Jason Franscisco

The ThreatQ platform takes a threat-centric approach to security operations. This approach allows security teams to prioritize work by threat and risk, collaborate across teams, automate actions and workflows, and integrate point products into a single security infrastructure.

ThreatQ Open Exchange includes a Configuration Driven Feed (CDF), Software Development Kit (SDK), easy-to-use Application Programming Interface (API) and a comprehensive set of industry-standard interfaces to fully integrate with the equipment, tools, technologies, people, organizations and processes that protect your business.

Loginsoft developed an Integration App to ingest a Threat Intelligence Feed into the ThreatQ platform. The Integration App is built on ThreatQ's Open Exchange Framework, which allows building powerful and robust feed definitions to ingest Threat Intelligence data from a Feed Provider.

Integration Highlights:

  1. Integration Development:
  • Develop Configuration Driven Feed (CDF) that can be used to ingest a Threat Intelligence Feed
  • Configure the new Feed in ThreatQ platform (like providing API Key, Feed Run Frequency etc.)
  • Feed will automatically run at a configured interval and pull the data from the Threat Intelligence Source
  • Incoming Feed data is mapped to ThreatQ platform specific fields and incoming IoCs with attributes are saved in ThreatQ platform
  • Relationships/Associations are established between objects
    Example: Associate an MD5 (123456789abcdefghijklmnopqrstuvw) with an Adversary (APT40)
  • MITRE ATT&CK information, if any, is saved as Tactics, Techniques and Procedures (TTPs) in ThreatQ platform
  • Complete Quality Assurance (QA) process
  • Create User Manual
  • Package deliverables: YAML file and User Manual

  2. Submit Integration for Approval:
  • Integration is submitted to ThreatQuotient’s Engineering team for approval. This includes providing Feed Details, Publisher, Feed Type (Commercial or Open Source Intelligence), Vendor Logo, YAML file and User Manual

  3. ThreatQuotient’s Engineering Review and Approval:
  • Validation of the integration against the CDF Best Practices list
  • Inspection of submitted data mappings and the CDF for data integrity concerns and general user experience and usability
  • General Feed Run performance
  • Submitted data mappings are converted into a ThreatQ Help Center document
  • After final tweaks, the CDF is considered Approved and merged to Engineering’s Feed Definitions repository

  4. Integration Release:
  • Approved Integration is published to the ThreatQ marketplace https://marketplace.threatq.com/
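The mapping step in highlight 1 (feed fields to platform fields, attributes kept with the IoC, relationships between objects, ATT&CK references stored as TTPs) is where a feed integration earns or loses trust, so it is worth seeing what that logic looks like. The following Python is an added illustration and is not Loginsoft's Integration App or a ThreatQ CDF: real CDFs are declared in YAML against product-specific field names, which are not reproduced here. The feed record layout, the field-map tables and the object classes are all assumptions, and the sample records are constructed; the second one deliberately carries the same kind of non-hex "MD5" placeholder used in the article's example so the validation path is exercised.

```python
"""Normalise feed records into indicator/adversary/TTP objects plus relationships.

Hypothetical example (not ThreatQuotient's or Loginsoft's code).  The point it
adds to the prose: a feed mapper should validate every indicator against its
declared type and every ATT&CK reference against the ID format before anything
is written to the threat library, and report what it rejected.
"""
import re
from dataclasses import dataclass, field

# Constructed sample feed records; field names are assumptions, not a real feed.
SAMPLE_FEED_RECORDS = [
    {   # well-formed record: MD5 linked to an adversary and two techniques
        "hash_md5": "D41D8CD98F00B204E9800998ECF8427E",
        "first_seen": "2020-08-01T00:00:00Z",
        "confidence": 80,
        "threat_actor": "APT40",
        "mitre_techniques": ["T1566.001", "T1059.001"],
    },
    {   # malformed record: the "MD5" is not a hex digest and the TTP is junk
        "hash_md5": "123456789abcdefghijklmnopqrstuvw",
        "confidence": 50,
        "threat_actor": "APT40",
        "mitre_techniques": ["not-a-technique"],
    },
]

# Feed field -> platform indicator type (fields that carry IoC values).
INDICATOR_FIELDS = {"hash_md5": "MD5", "hash_sha256": "SHA-256", "ip": "IP Address"}
# Feed field -> platform attribute name (context saved alongside each IoC).
ATTRIBUTE_FIELDS = {"first_seen": "First Seen", "confidence": "Confidence"}

# Syntactic checks per indicator type; anything that fails is rejected, not stored.
INDICATOR_PATTERNS = {
    "MD5": re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE),
    "SHA-256": re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE),
    "IP Address": re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$"),
}
ATTACK_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")   # e.g. T1566 or T1566.001


@dataclass
class Indicator:
    value: str
    type: str
    attributes: dict = field(default_factory=dict)


@dataclass
class Relationship:
    source: tuple   # (object kind, value), e.g. ("Indicator", "d41d...")
    target: tuple   # e.g. ("Adversary", "APT40")


@dataclass
class MappedRecord:
    indicators: list = field(default_factory=list)
    adversaries: list = field(default_factory=list)
    ttps: list = field(default_factory=list)
    relationships: list = field(default_factory=list)
    rejected: list = field(default_factory=list)   # (value, reason) pairs


def map_record(record: dict) -> MappedRecord:
    """Map one feed record to platform objects, validating as it goes."""
    out = MappedRecord()
    attributes = {ATTRIBUTE_FIELDS[k]: record[k] for k in ATTRIBUTE_FIELDS if k in record}

    for feed_key, ioc_type in INDICATOR_FIELDS.items():
        value = record.get(feed_key)
        if value is None:
            continue
        if not INDICATOR_PATTERNS[ioc_type].match(str(value)):
            out.rejected.append((value, f"value does not look like a valid {ioc_type}"))
            continue
        # Hashes are normalised to lower case so the same digest is not stored twice.
        out.indicators.append(Indicator(str(value).lower(), ioc_type, dict(attributes)))

    actor = record.get("threat_actor")
    if actor:
        out.adversaries.append(actor)

    for tid in record.get("mitre_techniques", []):
        if ATTACK_ID.match(str(tid)):
            out.ttps.append(tid)
        else:
            out.rejected.append((tid, "not an ATT&CK technique id"))

    # Associations: indicator<->adversary, indicator<->TTP, adversary<->TTP.
    for ind in out.indicators:
        for adv in out.adversaries:
            out.relationships.append(Relationship(("Indicator", ind.value), ("Adversary", adv)))
        for tid in out.ttps:
            out.relationships.append(Relationship(("Indicator", ind.value), ("TTP", tid)))
    for adv in out.adversaries:
        for tid in out.ttps:
            out.relationships.append(Relationship(("Adversary", adv), ("TTP", tid)))
    return out


def map_feed(records: list) -> list:
    """Map every record of one feed run; callers can inspect .rejected per record."""
    return [map_record(r) for r in records]


if __name__ == "__main__":
    for mapped in map_feed(SAMPLE_FEED_RECORDS):
        print(mapped)
```

The first record yields one MD5 indicator carrying its First Seen and Confidence attributes, the adversary APT40, two TTPs and five relationships; the second yields no indicator at all and two rejection entries, which is the behaviour you want from a feed run: a malformed value should surface in the run's report rather than land in the library as an unusable IoC.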

Here is a look inside the ThreatQ platform with the Threat Intelligence Feed added.

Sample screen that shows ThreatQ’s Threat Library (like Adversaries, Attack Patterns, Campaigns, Indicators, Intrusion Sets, Malware, Signatures, TTPs and Vulnerabilities etc.).

ThreatQ platform with the Threat Intelligence Feed added

Sample IP Address Indicator with Attributes.

Sample IP Address Indicator with Attributes on ThreatQ Platform

About Loginsoft

For over 20 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media, and more have come to rely on Loginsoft as a trusted resource for technology talent. Startups, product companies and enterprises alike rely on our services. Whether Onsite, Offsite, or Offshore, we deliver. With a track record of successful partnerships with leading technology companies globally, and specifically in the past 6 years with Cybersecurity product companies, Loginsoft offers a comprehensive range of security offerings, including Software Supply Chain, Vulnerability Management, Threat Intelligence, Cloud Security, Cybersecurity Platform Integrations, creating content packs for Cloud SIEM, Logs onboarding and more. Our commitment to innovation and expertise has positioned us as a trusted player in the cybersecurity space. Loginsoft continues to provide traditional IT services, including Software development & Support, QA automation, Data Science & AI, etc.

Expertise in Integrations with Threat Intelligence and Security Products: Built more than 250 integrations with leading TIP, SIEM, SOAR, and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar & Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet, and so on. Loginsoft is a partner with industry leading technology vendors Palo Alto, Splunk, Elastic, IBM Security, etc.

In addition, Loginsoft offers Research as a service: We're more than just experts in cybersecurity; we're your accredited in-house research team focused on unraveling the complexities of cybersecurity and future technologies. From Application Security to Threat Research, our seasoned professionals have cultivated expertise in every facet of the field. We've earned the trust of over 20 security platform companies, who count on our research and analysis to strengthen their cybersecurity solutions.
