How ThreatQ Works with Ticketing Systems
POSTED BY DAVE KRASIK
This is another installment in a blog series discussing how ThreatQ and ThreatQ Investigations augment and integrate with modern security tools and can replace legacy processes and systems. What allows us to do this is our Open Exchange, which provides the largest and most adaptable set of integrations in the industry. Open Exchange includes a software development kit (SDK), easy-to-use application programming interfaces (APIs) and a comprehensive set of industry-standard interfaces to fully integrate with the equipment, tools, technologies, people, organizations and processes that protect your business.
In this blog we’ll look at how ThreatQ and ThreatQ Investigations work with ticketing systems.
The systems are designed with different use cases in mind. However, when combined they provide powerful workflows that optimize time and efficiency for both intelligence analysts and incident responders.
How ThreatQ Investigations benefits Ticketing Systems
When the systems are integrated, context and related information in ThreatQ and ThreatQ Investigations are automatically pulled into the ticket, eliminating manual effort and spreadsheets. ThreatQ Investigations provides insights into how adversaries and campaigns operate and the infrastructure used, enabling analysts and responders to more accurately scope an attack, accelerate response and prevent future attacks. Information about related campaigns, those executed by the same adversary, can help the team pivot on the intelligence to see whether they have missed any similar attacks in the past and remediate them. Threat artifacts can be marked as false positives where applicable.
How Ticketing Systems benefit ThreatQ Investigations
Ticketing systems provide ThreatQ Investigations with local context about indicators that have been seen in real incidents in the organization. This is factored into ThreatQ’s automated scoring to create a Threat Library that is relevant and specific to your environment. Tasks in the ticketing system can be created and tracked to resolution by teams that don’t have access to the ThreatQ interface, enabling an efficient and coordinated response.
To learn more, download our Ticketing System Technology Partnership Brief.
We encourage you to read our blog on how ThreatQ works with SIEM systems. And stay tuned for more blogs where we’ll discuss how ThreatQ and ThreatQ Investigations work with other complementary technologies that are likely in your security stack.