ThreatQuotient’s solutions make security operations more efficient and effective. The ThreatQ open and extensible platform integrates disparate security technologies into a single security infrastructure, automating actions and workflows so that tools and people can work in unison. Empowered with continuous prioritization based on their organization’s unique risk profile, security teams can focus resources on the most relevant threats, and collaboratively investigate and respond with the aim of taking the right actions faster.
This integration connects to ThreatQ and provides the following capabilities from within ServiceNow:
- Threat Lookup
- Observable Enrichment
These capabilities enable ThreatQ to provide additional critical context to ServiceNow observables by ingesting the following data during the enrichment:
- Observable relationships: Adversaries, Asset, Attack Pattern, Campaign, Course of Action, Exploit Target, Events, Identity, Incident, Intrusion Set, Malware, Signatures, Type, TTP, Tool, Vulnerability
- Observable properties: Type, Status, Score, Sources, and Tags
- User-defined list of ThreatQ attributes
Each piece of ingested data is parsed into its own separate field in ServiceNow and is available to the user on a tab on the main Security Incident details page as well as in the observable's details. All server responses are stored as JSON, which allows for further scripting within the ServiceNow platform.
The integration can connect with on-prem ThreatQ instances using the ServiceNow MID server.
The following lists the features added in this version of the ThreatQ app.
- Migrated workflow to Flow Designer
- Added support for Washington DC and Xanadu releases
- ThreatQ v5.x / v6.x
- ServiceNow
- Security Incident Response
- Threat Intelligence
- Threat Intelligence Support Common