The ThreatQ platform is an open and extensible threat intelligence platform that allows enterprise security teams to prioritize based on threat and risk, and enable a shared understanding across teams and tools within an organization’s defense infrastructure.
Download Integration Guide
NextGen SOAR Integration
With cyberattacks and the skills gap getting worse, SOCs can no longer afford to have analysts manually coordinate contextual data. Many analysts personally copy-and-paste hashes, domains, and IPs hundreds of times per day in order to check their reputation. D3’s integration with ThreatQ enables automated enrichment of D3 incidents with precision aggregated threat data for rapid assessment of security events.
Enrich D3 incidents with IP, domain, email, and file reputations
Conduct manual threat intelligence lookups from D3 incidents
Report indicators to add them to ThreatQ’s knowledgebase
Automate intelligence gathering
Key Use Case
Analysts are expected to rapidly investigate incidents, without compromising the process. For many, this means manually cross-referencing and copying hashes and other data. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. D3 can automatically query ThreatQ for IOC reputations and other relevant data related to new alerts, enabling instant analysis without changing interfaces.
Potential Phishing Analysis
When a potential phishing email is escalated to D3, either through an email protection system or manually by the recipient, D3 extracts the sender’s domain and the URL of any links in the message. D3 can then look up those extracted indicators in ThreatQ and reveal any associated malicious activity. Based on the result, the D3 user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions.
Meet Our Friends
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.