How ThreatQ Works with Visualization Tools
Posted by Liz Bush
In this blog series, we’re focusing on how ThreatQ and ThreatQ Investigations augment and integrate with modern security tools and are able to replace legacy processes and systems. We accomplish this through our Open Exchange that includes a software development kit (SDK), easy-to-use application programming interfaces (APIs) and a comprehensive set of industry-standard interfaces to fully integrate with the equipment, tools, technologies, people, organizations and processes that protect your business.
We’ve previously discussed how we work with SIEM and ticketing systems, as well as orchestration and automation tools. Here, we’ll look at how ThreatQ and ThreatQ Investigations work with your existing visualization tools.
ThreatQ and visualization tools are designed with different use cases in mind. Visualization tools are normally data-focused and used for analysis. Leveraging the ThreatQ Threat Library™, a central knowledge base for all threat data relevant to your organization, ThreatQ Investigations focuses on providing powerful, integrated threat data visualizations that enable the coordination of the investigation between multiple team members.
When these solutions are used together, you can query the Threat Library™ from your visualization tool. You can link data between adversaries, campaigns, indicators, files and events for a more complete picture of the threat. The Threat Library combines both external and internal threat data from a virtually limitless set of sources to provide context for a deeper understanding of the threat and its relevance to your specific environment. You can score threats based on relevance so that security teams can stay focused on high-priority threats. Using ThreatQ Investigations, you can assign tasks and see actions unfold across people and teams.
Integration with your data visualization tools enriches ThreatQ as well. Data visualization enhances the ability of your analysts to understand a threat. Additionally, by publishing threat data back to ThreatQ, you can augment and enrich the Threat Library, further customizing it for your environment.