Latest Version 1.0.1
September 17, 2021
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
ThreatQ
Integrates a variety of ThreatQ services into Phantom.
Built by
Compatibility
Not Available
Platform Version: 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.10, 4.9, 4.8, 4.7, 4.6, 4.5, 4.2, 4.1, 4.0, 3.5, 3.0, 2.1, 2.0, 1.2
Rating
0
(0)
Log in to rate this app
Support
Not Supported
Ranking
#7
in Information
Integrates a variety of ThreatQ services into Phantom.
Supported Actions
- test connectivity: Validate the asset configuration for connectivity.
- run query: Query ThreatQ and grab attributes
- create ioc: Create IOC in ThreatQ
- get related iocs: Query ThreatQ for related IOCs
- link ioc: Link IOCs together
- create event: Create event based on current container
- upload file: Upload file from vault in current container
- domain reputation: Get attributes, related indicators, and related adversaries
- ip reputation: Get attributes, related indicators, and related adversaries
- email reputation: Get attributes, related indicators, and related adversaries
- url reputation: Get attributes, related indicators, and related adversaries
- file reputation: Get attributes, related indicators, and related adversaries
- update status: Change Indicator Status in ThreatQ
- create adversary: Create Adversary in ThreatQ
Categories
Created By
srv-stage-community
Source Code
GitHub(Opens new window)Type
connector
Downloads
1
Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing