ThreatConnect

This document applies to Classic/Legacy Integrations. You may continue to use these integration configurations. While no active development is happening for these integrations, we continue to provide Classic/Legacy Integrations in the product. You do not have to move to MSI Integrations. If your support engineer or TSC recommends or you choose to move to MSI Integrations, you can take advantage of the latest features and functionality. For more information, see the MSI Integration documentation in the Integrations Overview.

API Calls

The following API calls are used by the Validation Platform.

Purpose | Call
Retrieve a list of owners | /v2/owners
Retrieve a list of threat actors and details | /v2/groups/adversaries
Retrieve threat actor MITRE ATT&CK tags | /v2/groups/adversaries/<adversary_id>/groups/threats

Prerequisites

Gather the following information from your ThreatConnect environment before you start.

  • Identify the host (red highlighted FQDN of the appsApiUrl in the following screenshot), port, and protocol. Note that your appsApiUrl may differ from the one shown in the screenshot.
  • Identify the username, API root (blue highlighted value in the following screenshot), Access ID, and API key. Any account that has API access can be used.

appsApiUrl value (Host highlighted in red, API Root highlighted in blue) on the ThreatConnect system settings page


Configuration

To add the ThreatConnect integration

  1. Go to Settings > Integrations.

  2. In the Threat Intelligence Platform Integrations table, click Add Integration > ThreatConnect.
  3. For Host, enter the FQDN value (this comes from the appsApiUrl field that you noted in the ThreatConnect environment).

  4. Enter the Port.
  5. Select the Protocol.
  6. Enter the API Root, if one is available from the ThreatConnect environment.

    This is an optional prefix to add to API calls. If unsure, check to see if there is an API value after the appsApiUrl FQDN in the ThreatConnect environment.

  7. Enter the Access ID.
  8. Enter the API Key.
  9. Enter the Sync Interval in hours (default: 24 hours).
  10. (Optional) Assign a Name.

  11. Click Submit. The integration automatically starts to sync after it is added.

Add ThreatConnect Integration
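Before saving the integration, it can help to see how the Host, Port, Protocol, and API Root fields combine with the three calls listed under API Calls, and how the Access ID and API Key are used to sign each request. The following is an added example, not code from ThreatConnect or the Validation Platform. It assumes the ThreatConnect v2 HMAC scheme (an Authorization header of the form `TC <access_id>:<signature>` plus a Timestamp header, with the signature computed over `path:METHOD:timestamp`). The function names, host, and credentials are hypothetical, constructed values.

```python
import base64
import hashlib
import hmac
import time

# The three calls listed in the API Calls table on this page.
# {adversary_id} stands in for the page's <adversary_id> placeholder.
CALLS = [
    "/v2/owners",
    "/v2/groups/adversaries",
    "/v2/groups/adversaries/{adversary_id}/groups/threats",
]

def request_path(api_root, call, **params):
    """Join the optional API Root prefix and a call path into one URL path."""
    root = api_root.strip("/") if api_root else ""
    path = call.format(**params).lstrip("/")
    return "/" + "/".join(p for p in (root, path) if p)

def request_url(protocol, host, port, api_root, call, **params):
    """Build the full URL from the Host, Port, Protocol and API Root fields."""
    return f"{protocol}://{host}:{port}{request_path(api_root, call, **params)}"

def auth_headers(access_id, api_key, path, method="GET", timestamp=None):
    """Sign 'path:METHOD:timestamp' with HMAC-SHA256 keyed by the API key."""
    ts = str(int(time.time()) if timestamp is None else timestamp)
    message = f"{path}:{method}:{ts}".encode()
    digest = hmac.new(api_key.encode(), message, hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode()
    return {"Timestamp": ts, "Authorization": f"TC {access_id}:{signature}"}

if __name__ == "__main__":
    # Constructed sample values; replace with those from your environment.
    cfg = dict(protocol="https", host="tc.example.com", port=443, api_root="api")
    for call in CALLS:
        path = request_path(cfg["api_root"], call, adversary_id=12345)
        print(request_url(call=call, adversary_id=12345, **cfg))
        print("  ", auth_headers("EXAMPLE_ACCESS_ID", "EXAMPLE_API_KEY", path,
                                 timestamp=1700000000))
```

The signed path includes the API Root prefix, so a wrong or missing API Root changes the signature as well as the URL.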

Set up Proxy Assignment

If all outbound connections go through a proxy, you may want to set up a proxy definition and assignment for your integration. For information on setting up your proxy rules, see Proxy Rules.

  • June 3, 2022
  • October 25, 2023