How ThreatQ Works with Orchestration ToolsPOSTED BY JON WARREN
In previous blogs we’ve discussed how ThreatQ and ThreatQ Investigations augment and integrate with SIEM and ticketing systems. Here, I’ll explain how ThreatQ and ThreatQ Investigations work with orchestration and automation tools that may exist within your environment.
Although designed for different use cases, when combined the solutions provide integrated workflows that optimize time and user experience for both intelligence and security analysts.
Orchestration and automation tools are process-focused and will repeat execution of the same task or logical series of tasks. But because all threat data is not created equal, without first aggregating, scoring and prioritizing intelligence, you may not be applying automation appropriately. ThreatQ focuses on what is learned during the execution of that task to better position the organization for defense and response.
For example, because ThreatQ offers a threat intelligence library that is enriched with context for relevance and prioritization, orchestration tools can query ThreatQ for deployment-specific threat context, scores and data relationships. Orchestration tools can read, write and store threat context and metadata learned as part of running a playbook. Decisions are based on threat scores and context within ThreatQ, so that automation is being applied appropriately based on the latest intelligence.
ThreatQ and ThreatQ Investigations also benefit when used together with orchestration and automation tools. For example, orchestration and automation tools allow you to take the right action, faster by accelerating the execution of the response determined by ThreatQ Investigations. Furthermore, you can run playbooks and actions on demand as ‘Operations’ directly from ThreatQ and Threat Investigations. And, finally, while ThreatQ and ThreatQ Investigations work with a broad ecosystem of equipment, tools and technologies to operationalize threat intelligence, integration with orchestration and automation tools further extends the number of products compatible with ThreatQ.
To learn more, download our Orchestration Tools Technology Partnership Brief.
Stay tuned for our next blog in this series which will focus on how ThreatQ and ThreatQ Investigations work with visualization tools.