What is ThreatConnect? #
ThreatConnect enables threat intelligence operations, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense and protection. With ThreatConnect, organizations infuse ML- and AI-powered threat intel and cyber risk quantification into their work.
Why Should You Use the ThreatConnect Connector? #
The ThreatConnect connector provides visibility into the assets in your environment. You can use this visibility to:
-
ensure assets are managed per your security policies
-
derive relationships between assets, users, applications, and data
How Does This Connector Work? #
Lucidum executes read-only requests to the ThreatConnect REST API and ingests only meta-data about ThreatConnect devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum #
| Field |
Description |
Example |
|---|---|---|
|
Profile Name |
The hostname of the server for ThreatConnect. |
Internal servers |
|
URL |
The URL for the ThreatConnect API. |
https://app.threatconnect.com/api. |
|
API Token |
API token for a ThreatConnect account with read access to the ThreatConnect APIs. For details, see https://docs.threatconnect.com/en/latest/rest_api/quick_start.html#generate-an-api-token. |
p7g444S3IZ5wmFvmzWmx14qACXdzQ25b |
Source Documentation #
Creating Credentials #
To create an API user account:
https://knowledge.threatconnect.com/docs/managing-user-accounts#creating-an-api-user
To create an API Token:
https://docs.threatconnect.com/en/latest/rest_api/quick_start.html#generate-an-api-token.
Required Permissions #
For details, see:
https://knowledge.threatconnect.com/docs/managing-user-accounts#creating-an-api-user
https://knowledge.threatconnect.com/docs/organization-roles
|
Object |
Permissions |
|---|---|
|
System Role |
API User |
|
Organization Role |
Read Only User |
API Documentation #
API v3
https://docs.threatconnect.com/en/latest/rest_api/rest_api.html
