HOW THREATQ WORKS WITH…

When combined, ThreatQ and SIEMs provide integrated workflows that optimize time and user experience for intelligence and security analysis alike. By applying context, relevance and prioritization to threat data prior to applying it to the SIEM, the SIEM becomes more efficient and effective. Using curated threat intelligence allows organizations to reduce the noise generated by the SIEM and encounter fewer scalability issues.

ThreatQ and Incident Response platforms / ticketing, when working together, provide powerful workflows that optimize time and efficiency for both intelligence analysts and incident responders. Context and related information is automatically pulled into the ticket, eliminating manual efforts and spreadsheets. ThreatQ provides insights into how adversaries and campaigns operate, and the infrastructure used, enabling analysts to more accurately scope an attack, accelerate response and prevent future attacks. Information about related campaigns – those executed by the same adversary – can help the team do intel pivoting to see if they have missed any similar attacks in the past and remediate. Teams can also flag false positives so the system can learn and fine-tune automatically.

While ThreatQ Investigations provides powerful, integrated, threat data visualizations, existing investments in visualization tools can be leveraged through API integrations. Visualization tools are normally data focused for analysis, whereas ThreatQ Investigations enables the coordination of the investigation between multiple team members. It provides a single visual representation of the complete investigation at hand, who did what and when, based on a shared understanding of all components of the investigation – threat data, evidence and users.

ThreatQ and Orchestration tools are complementary, and when used together provide integrated workflows that optimize time and user experience for intelligence and security analysis alike. Orchestration tools are process-focused and will repeat execution of the same playbook (or task(s)). ThreatQ is focused on providing a highly relevant, custom enrichment source to orchestration tools as well as capturing playbook output to learn, tune the Threat Library and serve as organizational memory. Combined, ThreatQ and orchestration tools better position the organization for both defenses and response.

Most EDR systems have limitations on the quantity of external threat data they can consume and search for. It’s important that they are provided with the most relevant and important data for that organization. The unique prioritization capabilities built into ThreatQ can ensure the right data is published to the right tools.