This document applies to Classic/Legacy Integrations. You may continue to use these integration configurations. While no active development is happening for these integrations, we continue to provide Classic/Legacy Integrations in the product. You do not have to move to MSI Integrations. If your support engineer or TSC recommends or you choose to move to MSI Integrations, you can take advantage of the latest features and functionality. For more information, see the MSI Integration documentation in the Integrations Overview.
Update Threat Quotient
Identify or create credentials to access Threat Quotient with read access, at minimum.
API Calls
The following API calls are used by Validation Platform.
| Purpose | Call |
|---|---|
| Get Access Token | /token |
| Get Threat Actors (Paginated) | /adversaries |
| Get Actor Descriptions | /adversaries/{actor_id}/description |
| Get Actor Location | /adversaries/{actor_id}/attributes?attribute_name=Country |
| Get Actor Aliases | /adversaries/{actor_id}/?with=adversaries |
| Get Actor Malware Used | /adversaries/{actor_id}/malware |
| Get Actor Attacks (MITRE) | /adversaries/{actor_id}/malware |
Update the Security Validation Platform
Prerequisites
Information to gather before you start:
- Identify the host, port, and protocol associated with your Threat Quotient instance
- Identify the email, and password associated with your Threat Quotient account
- Identify your Client ID in the Settings section of the Threat Quotient SNYPR Web Portal
Configuration
To add the Threat Quotient integration
Go to Settings > Integrations.
- Click Add Integration > Threat Quotient.
- Enter the Host, Port, and Protocol.
- Enter the Email, Password, and Client ID.
- Enter the Sync Interval in hours (default: 24 hours).
(Optional) Assign a Name.
Click Submit.
Set up Proxy Assignment
If all outbound connections go through a proxy, you may want to set up a proxy definition and assignment for your integration. For information on setting up your proxy rules, see Proxy Rules.
Verify connectivity
To verify connectivity to the Threat Quotient integration
Click Test to verify that:
- The Director can communicate with the integration host on the port and protocol specified.
- The integration credentials are valid and working.