ThreatQuotient ThreatQ
The ThreatQuotient ThreatQ connector facilitates the automation of threat intelligence operations by enabling seamless integration with the ThreatQ platform.

ThreatQuotient ThreatQ is a threat intelligence platform that aggregates, correlates, and analyzes threat data to provide actionable insights. This connector enables Swimlane Turbine users to automate the ingestion and management of threat intelligence, streamline event and indicator handling, and enhance security operations with enriched data. By integrating with ThreatQuotient ThreatQ, users can create and manage events, indicators, and import sessions, as well as perform detailed searches and updates, all within the Swimlane Turbine environment.

## Prerequisites

Before integrating ThreatQuotient ThreatQ with Swimlane Turbine, ensure you have the following:

- OAuth 2.0 authentication credentials with the following parameters:
  - **URL**: The endpoint URL for ThreatQ API access.
  - **API User Email**: The email associated with your ThreatQ account.
  - **Client Password**: Your password for OAuth client authentication.
  - **OAuth Client ID**: The client ID provided by ThreatQ for OAuth setup.
  - **API Type**: The specific API type or version supported by ThreatQ.

## Capabilities

The ThreatQuotient connector has the following capabilities:

- Create Event
- Create Indicators List
- Delete Import Indicator
- Get Event List
- Get Indicators List
- Get Indicator By ID
- Import Events
- Indicator Search
- Indicator Search With Value
- Indicators Query
- Update Import Indicator

## Configurations

### OAuth Password Grant

Authenticates using OAuth 2.0 client credentials.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Email | The username for authentication | string | Required |
| Password | The password for authentication | string | Required |
| ClientID | Client ID of ThreatQ OAuth | string | Required |
| API Type | Authentication is different for standard and beta versions of ThreatQ API | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Create Event

Initiates the creation of a new event in ThreatQuotient ThreatQ using provided JSON body data.

**Endpoint URL:** `api/events`

**Method:** POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `title` | string | Optional | Parameter for create event |
| `type` | string | Optional | Type of the resource |
| `happened_at` | string | Optional | Parameter for create event |
| `sources` | array | Optional | Parameter for create event |
| `name` | string | Optional | Name of the resource |
| `tlp` | object | Optional | Parameter for create event |
| `name` | string | Optional | Name of the resource |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `data` | object | Response data |
| `title` | string | Output field title |
| `type_id` | number | Unique identifier |
| `happened_at` | string | Output field happened_at |
| `hash` | string | Output field hash |
| `updated_at` | string | Output field updated_at |
| `created_at` | string | Output field created_at |
| `id` | number | Unique identifier |
| `type` | object | Type of the resource |
| `id` | number | Unique identifier |
| `name` | string | Name of the resource |
| `user_editable` | string | Output field user_editable |
| `created_at` | string | Output field created_at |
| `updated_at` | string | Output field updated_at |
| `sources` | array | Output field sources |
| `type` | string | Type of the resource |
| `name` | string | Name of the resource |
| `updated_at` | string | Output field updated_at |
| `created_at` | string | Output field created_at |
| `id` | number | Unique identifier |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "data": {} }
  }
]
```

### Create Indicators List

Generates a new list of indicators in ThreatQuotient ThreatQ based on the provided JSON body.

**Endpoint URL:** `api/indicators`

**Method:** POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `limit` | number | Optional | Parameter for create indicators list |
| `offset` | number | Optional | Parameter for create indicators list |
| `sort` | string | Optional | Parameter for create indicators list |
| `with` | string | Optional | Parameter for create indicators list |
| `class` | string | Optional | Parameter for create indicators list |
| `value` | string | Optional | Value for the parameter |
| `type_id` | string | Optional | Unique identifier |
| `status_id` | number | Optional | Unique identifier |
| `sources` | array | Optional | Parameter for create indicators list |
| `name` | string | Optional | Name of the resource |
| `tlp` | object | Optional | Parameter for create indicators list |
| `name` | string | Optional | Name of the resource |
| `published_at` | string | Optional | Parameter for create indicators list |
| `attributes` | array | Optional | Parameter for create indicators list |
| `name` | string | Optional | Name of the resource |
| `value` | string | Optional | Value for the parameter |
| `sources` | array | Optional | Parameter for create indicators list |
| `name` | string | Optional | Name of the resource |
| `tlp` | object | Optional | Parameter for create indicators list |
| `name` | string | Optional | Name of the resource |
| `published_at` | string | Optional | Parameter for create indicators list |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `total` | number | Output field total |
| `data` | array | Response data |
| `id` | number | Unique identifier |
| `type_id` | number | Unique identifier |
| `status_id` | number | Unique identifier |
| `class` | string | Output field class |
| `hash` | string | Output field hash |
| `value` | string | Value for the parameter |
| `last_detected_at` | object | Output field last_detected_at |
| `expires_at` | object | Output field expires_at |
| `expired_at` | object | Output field expired_at |
| `expires_calculated_at` | object | Output field expires_calculated_at |
| `created_at` | string | Output field created_at |
| `updated_at` | string | Output field updated_at |
| `touched_at` | string | Output field touched_at |
| `existing` | string | Output field existing |
| `type` | object | Type of the resource |
| `id` | number | Unique identifier |
| `name` | string | Name of the resource |
| `class` | string | Output field class |
| `score` | object | Score value |
| `wildcard_matching` | string | Output field wildcard_matching |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "total": 1, "data": [] }
  }
]
```

### Delete Import Indicator

Removes a specific indicator from an import session in ThreatQuotient ThreatQ using the import ID and indicator ID.

**Endpoint URL:** `api/imports/{{import_id}}/indicators/{{import_indicator_id}}`

**Method:** DELETE

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `import_id` | number | Required | Unique identifier |
| `import_indicator_id` | number | Required | Unique identifier |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |

**Example**

```json
[
  {
    "status_code": 204,
    "response_headers": {},
    "reason": "OK"
  }
]
```

### Get Event List

Retrieve a list of security events from ThreatQuotient ThreatQ with options for filtering and sorting.

**Endpoint URL:** `api/events`

**Method:** GET

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `limit` | number | Optional | Parameter for get event list |
| `offset` | number | Optional | Parameter for get event list |
| `sort` | string | Optional | Parameter for get event list |
| `with` | string | Optional | Parameter for get event list |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `total` | number | Output field total |
| `data` | array | Response data |
| `id` | number | Unique identifier |
| `type_id` | number | Unique identifier |
| `title` | string | Output field title |
| `description` | string | Output field description |
| `happened_at` | string | Output field happened_at |
| `hash` | string | Output field hash |
| `created_at` | string | Output field created_at |
| `updated_at` | string | Output field updated_at |
| `touched_at` | string | Output field touched_at |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "total": 600, "data": [] }
  }
]
```

### Get Indicator By ID

Retrieve a specific indicator from ThreatQuotient ThreatQ using the unique identifier provided.

**Endpoint URL:** `api/indicators/{{id}}`

**Method:** GET

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `id` | string | Required | Unique identifier |
| `with` | string | Optional | Parameter for get indicator by ID |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `data` | object | Response data |
| `id` | number | Unique identifier |
| `type_id` | number | Unique identifier |
| `status_id` | number | Unique identifier |
| `class` | string | Output field class |
| `hash` | string | Output field hash |
| `value` | string | Value for the parameter |
| `last_detected_at` | string | Output field last_detected_at |
| `expires_at` | object | Output field expires_at |
| `expired_at` | object | Output field expired_at |
| `expires_calculated_at` | object | Output field expires_calculated_at |
| `created_at` | string | Output field created_at |
| `updated_at` | string | Output field updated_at |
| `touched_at` | string | Output field touched_at |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 31 Aug 2023 07:33:24 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Server": "Apache",
      "X-Frame-Options": "SAMEORIGIN",
      "Vary": "Authorization",
      "Cache-Control": "no-cache",
      "Content-Security-Policy": "frame-ancestors 'self';",
      "X-XSS-Protection": "1; mode=block",
      "X-Content-Type-Options": "nosniff",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
      "Set-Cookie": "threatq api=eyjpdii6ilr3rklqr2zvxc9inxh4k25quurqbtlrpt0ilcj2ywx1zsi6ijhuslr5mwe1 "
    },
    "reason": "OK",
    "json_body": { "data": {} }
  }
]
```

### Get Indicators List

Retrieve a comprehensive list of indicators from ThreatQuotient ThreatQ for analysis and threat intelligence.

**Endpoint URL:** `api/indicators`

**Method:** GET

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `limit` | number | Optional | Parameter for get indicators list |
| `offset` | number | Optional | Parameter for get indicators list |
| `sort` | string | Optional | Parameter for get indicators list |
| `with` | string | Optional | Parameter for get indicators list |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `total` | number | Output field total |
| `data` | array | Response data |
| `id` | number | Unique identifier |
| `type_id` | number | Unique identifier |
| `status_id` | number | Unique identifier |
| `class` | string | Output field class |
| `hash` | string | Output field hash |
| `value` | string | Value for the parameter |
| `last_detected_at` | string | Output field last_detected_at |
| `expires_at` | object | Output field expires_at |
| `expired_at` | object | Output field expired_at |
| `expires_calculated_at` | object | Output field expires_calculated_at |
| `created_at` | string | Output field created_at |
| `updated_at` | string | Output field updated_at |
| `touched_at` | string | Output field touched_at |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "total": 7481, "data": [] }
  }
]
```

### Import Events

Retrieve a list of import events from ThreatQuotient ThreatQ using the specified import ID.

**Endpoint URL:** `api/imports/{{import_id}}/events`

**Method:** GET

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `limit` | number | Optional | Parameter for import events |
| `offset` | number | Optional | Parameter for import events |
| `sort` | string | Optional | Parameter for import events |
| `with` | string | Optional | Parameter for import events |
| `import_id` | number | Required | Unique identifier |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `total` | number | Output field total |
| `data` | array | Response data |
| `id` | number | Unique identifier |
| `import_id` | number | Unique identifier |
| `title` | string | Output field title |
| `description` | string | Output field description |
| `type_id` | number | Unique identifier |
| `happened_at` | string | Output field happened_at |
| `status_id` | number | Unique identifier |
| `source` | string | Output field source |
| `whitelisted` | string | Output field whitelisted |
| `duplicate` | string | Output field duplicate |
| `type` | object | Type of the resource |
| `id` | number | Unique identifier |
| `name` | string | Name of the resource |
| `user_editable` | string | Output field user_editable |
| `created_at` | string | Output field created_at |
| `updated_at` | string | Output field updated_at |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "total": 2, "data": [] }
  }
]
```

### Indicator Search

Performs a search for indicators within ThreatQuotient ThreatQ based on criteria specified in the provided JSON body.

**Endpoint URL:** `api/indicators/query`

**Method:** POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `limit` | number | Optional | Parameter for indicator search |
| `offset` | number | Optional | Parameter for indicator search |
| `sort` | string | Optional | Parameter for indicator search |
| `criteria` | object | Optional | Parameter for indicator search |
| `+or` | array | Optional | Parameter for indicator search |
| `mentions` | string | Optional | Parameter for indicator search |
| `value` | object | Optional | Value for the parameter |
| `+contains` | string | Optional | Parameter for indicator search |
| `filters` | object | Optional | Parameter for indicator search |
| `+and` | array | Optional | Parameter for indicator search |
| `created_at` | object | Optional | Parameter for indicator search |
| `+lt` | string | Optional | Parameter for indicator search |
| `+or` | array | Optional | Parameter for indicator search |
| `+and` | array | Optional | Parameter for indicator search |
| `updated_at` | object | Optional | Parameter for indicator search |
| `+lt` | string | Optional | Parameter for indicator search |
| `+or` | array | Optional | Parameter for indicator search |
| `attribute` | object | Optional | Parameter for indicator search |
| `name` | string | Optional | Name of the resource |
| `value` | string | Optional | Value for the parameter |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `total` | number | Output field total |
| `data` | array | Response data |
| `class` | string | Output field class |
| `score` | number | Score value |
| `value` | string | Value for the parameter |
| `expires_calculated_at` | string | Output field expires_calculated_at |
| `touched_at` | string | Output field touched_at |
| `id` | number | Unique identifier |
| `updated_at` | string | Output field updated_at |
| `published_at` | string | Output field published_at |
| `last_detected_at` | string | Output field last_detected_at |
| `created_at` | string | Output field created_at |
| `status_id` | number | Unique identifier |
| `hash` | string | Output field hash |
| `type_id` | number | Unique identifier |
| `adversaries` | array | Output field adversaries |
| `name` | string | Name of the resource |
| `type` | object | Type of the resource |
| `name` | string | Name of the resource |
| `id` | number | Unique identifier |
| `class` | string | Output field class |
| `status` | object | Status value |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "total": 2, "data": [], "offset": 0, "limit": 25 }
  }
]
```

### Indicator Search With Value

Performs a search in ThreatQuotient ThreatQ for indicators matching a specified value. Requires 'value' parameter.

**Endpoint URL:** `api/indicators/search`

**Method:** GET

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `limit` | number | Optional | Parameter for indicator search with value |
| `offset` | number | Optional | Parameter for indicator search with value |
| `with` | string | Optional | Parameter for indicator search with value |
| `value` | string | Required | Value for the parameter |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `total` | number | Output field total |
| `data` | array | Response data |
| `id` | number | Unique identifier |
| `value` | string | Value for the parameter |
| `hash` | string | Output field hash |
| `class` | string | Output field class |
| `type_id` | number | Unique identifier |
| `status_id` | number | Unique identifier |
| `last_detected_at` | object | Output field last_detected_at |
| `created_at` | string | Output field created_at |
| `updated_at` | string | Output field updated_at |
| `touched_at` | string | Output field touched_at |
| `type` | object | Type of the resource |
| `id` | number | Unique identifier |
| `name` | string | Name of the resource |
| `status` | object | Status value |
| `id` | number | Unique identifier |
| `name` | string | Name of the resource |
| `description` | string | Output field description |
| `limit` | number | Output field limit |
| `offset` | number | Output field offset |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Wed, 30 Aug 2023 10:44:30 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Server": "Apache",
      "X-Frame-Options": "SAMEORIGIN",
      "Vary": "Authorization",
      "Cache-Control": "no-cache",
      "Content-Security-Policy": "frame-ancestors 'self';",
      "X-XSS-Protection": "1; mode=block",
      "X-Content-Type-Options": "nosniff",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
      "Set-Cookie": "threatq api=eyjpdii6injjmdnvvgvuy2rlt0hutxfvr2w2due9psisinzhbhvlijoiqzdznxjiv0vi "
    },
    "reason": "OK",
    "json_body": { "total": 7411, "data": [], "limit": 100, "offset": 100 }
  }
]
```

### Indicators Query

Retrieve a filtered list of indicators from ThreatQuotient ThreatQ based on specified filter parameters.

**Endpoint URL:** `/api/indicators/query`

**Method:** POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `limit` | string | Optional | The maximum number of results to return |
| `offset` | string | Optional | The number of results to skip before starting to return results |
| `rows` | string | Optional | The number of rows to return |
| `sort` | string | Optional | The field to sort the results by |
| `fields` | array | Optional | Parameter for indicators query |
| `filters` | object | Optional | The filters to apply to the results |
| `+or` | array | Optional | Parameter for indicators query |
| `value` | string | Optional | The value to filter by |
| `criteria` | object | Optional | The criteria to apply to the results |
| `with` | string | Optional | The fields to include in the results |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `total` | number | Output field total |
| `data` | array | Response data |
| `id` | number | Unique identifier |
| `type_id` | number | Unique identifier |
| `status_id` | number | Unique identifier |
| `class` | string | Output field class |
| `hash` | string | Output field hash |
| `value` | string | Value for the parameter |
| `last_detected_at` | string | Output field last_detected_at |
| `expires_at` | object | Output field expires_at |
| `expired_at` | object | Output field expired_at |
| `expires_calculated_at` | object | Output field expires_calculated_at |
| `created_at` | string | Output field created_at |
| `updated_at` | string | Output field updated_at |
| `touched_at` | string | Output field touched_at |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "total": 7481, "data": [] }
  }
]
```

### Update Import Indicator

Updates an existing indicator within a specified import batch in ThreatQuotient ThreatQ, requiring import ID and import indicator ID.

**Endpoint URL:** `api/imports/{{import_id}}/indicators/{{import_indicator_id}}`

**Method:** PUT

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `import_id` | number | Required | Unique identifier |
| `import_indicator_id` | number | Required | Unique identifier |
| `value` | string | Optional | Value for the parameter |
| `type_id` | string | Optional | Unique identifier |
| `status_id` | string | Optional | Unique identifier |
| `source` | object | Optional | Parameter for update import indicator |
| `name` | string | Optional | Name of the resource |
| `tlp` | object | Optional | Parameter for update import indicator |
| `name` | string | Optional | Name of the resource |
| `whitelisted` | string | Optional | Parameter for update import indicator |

| Output parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `data` | object | Response data |
| `id` | number | Unique identifier |
| `import_id` | number | Unique identifier |
| `value` | string | Value for the parameter |
| `hash` | string | Output field hash |
| `type_id` | number | Unique identifier |
| `status_id` | number | Unique identifier |
| `source` | string | Output field source |
| `import_event_id` | object | Unique identifier |
| `whitelisted` | string | Output field whitelisted |
| `duplicate` | string | Output field duplicate |
| `duplicate_indicator_id` | object | Unique identifier |
| `created_indicator_id` | object | Unique identifier |
| `parent_import_indicator_hash` | object | Output field parent_import_indicator_hash |
| `type` | object | Type of the resource |
| `id` | number | Unique identifier |
| `name` | string | Name of the resource |
| `class` | string | Output field class |
| `score` | object | Score value |
| `wildcard_matching` | string | Output field wildcard_matching |
| `created_at` | string | Output field created_at |
| `updated_at` | string | Output field updated_at |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "data": {} }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | `no-cache` |
| Connection | HTTP response header Connection | `keep-alive` |
| Content-Security-Policy | HTTP response header Content-Security-Policy | `frame-ancestors 'self';` |
| Content-Type | The media type of the resource | `application/json` |
| Date | The date and time at which the message was originated | `Thu, 31 Aug 2023 07:33:24 GMT` |
| Server | Information about the software used by the origin server | `Apache` |
| Set-Cookie | HTTP response header Set-Cookie | `threatq api=eyjpdii6injjmdnvvgvuy2rlt0hutxfvr2w2due9psisinzhbhvlijoiqzdznxjiv0viztrsnnnkvunjyzhivm10ogq4zhfea3fgohmybzgztwrhchfaenrma1lhtgpkdxp5ttg0vldnb0lrtxfclzjyt1pbu212nw92nly1ynjnpt0ilcjtywmioiiwnwjlmgy0ntdhmjy5nzk0ywjiywu2njc4ytewmjewmtg1nziwztnjnznhyjnhnti1owrimddkn2yxowyzmgriin0%3d; expires=Wed, 30 Aug 2023 11:44:30 GMT; Max-Age=3600; path=/api/; secure; httponly; samesite=strict` |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | `max-age=31536000; includeSubDomains; preload` |
| Transfer-Encoding | HTTP response header Transfer-Encoding | `chunked` |
| Vary | HTTP response header Vary | `Authorization` |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | `nosniff` |
| X-Frame-Options | HTTP response header X-Frame-Options | `SAMEORIGIN` |
| X-XSS-Protection | HTTP response header X-XSS-Protection | `1; mode=block` |
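
The example outputs and the response headers listing above show that action results carry the API session cookie (`Set-Cookie`) in their response headers, so it can end up in playbook logs or case records. The following added example (not Swimlane or ThreatQuotient code) masks credential-bearing headers in an action result and reports missing cookie protections; the sample result, its cookie name and token are constructed, and the key names `status_code`, `response_headers` and `json_body` are assumed from the example outputs.

```python
import copy

# Headers whose values act as credentials and should not reach logs or records.
SENSITIVE_HEADERS = {"set-cookie", "cookie", "authorization"}

# Constructed action result in the shape of the example outputs on this page.
# The cookie name and token are made up for illustration.
SAMPLE_RESULT = {
    "status_code": 200,
    "response_headers": {
        "Content-Type": "application/json",
        "X-Content-Type-Options": "nosniff",
        "Set-Cookie": "example_session=CONSTRUCTED-TOKEN; Max-Age=3600; "
                      "path=/api/; secure; httponly; samesite=strict",
    },
    "reason": "OK",
    "json_body": {"data": {}},
}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def missing_cookie_protections(header_value):
    """List the protective attributes a Set-Cookie value lacks."""
    _, _, attrs = parse_set_cookie(header_value)
    missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        missing.append("samesite")
    return missing


def redact_result(result):
    """Return a copy of an action result with credential header values masked."""
    cleaned = copy.deepcopy(result)
    headers = cleaned.get("response_headers") or {}
    for key in list(headers):
        lowered = key.lower()
        if lowered not in SENSITIVE_HEADERS:
            continue
        if lowered == "set-cookie":
            # Keep the cookie name and attributes for auditing, drop the token.
            name, _, attrs = parse_set_cookie(headers[key])
            parts = [f"{name}=<redacted>"]
            parts += [k if not v else f"{k}={v}" for k, v in attrs.items()]
            headers[key] = "; ".join(parts)
        else:
            headers[key] = "<redacted>"
    return cleaned


if __name__ == "__main__":
    print(redact_result(SAMPLE_RESULT)["response_headers"]["Set-Cookie"])
    print(missing_cookie_protections("sid=abc; path=/"))
```

Run the redaction before an action result is written to a record field or forwarded to logging; the original result is left unmodified for the playbook steps that still need it.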