What is ThreatQ? #
ThreatQ is the first purpose-built, data-driven threat intelligence platform that helps teams prioritize, automate and collaborate on security incidents; enables more focused decision making; and maximizes limited resources by integrating existing processes and technologies into a unified workspace.
Why Should You Use the ThreatQ Connector? #
The Crowd connector provides visibility into the assets and user in your environment. You can use this visibility to:
-
ensure users are managed per your security policies
-
derive relationships between assets, users, applications, and data
How Does This Connector Work? #
Lucidum executes read-only requests to the ThreatQ REST API and ingests only meta-data about ThreatQ devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum #
| Field | Description | Example |
|---|---|---|
| Profile Name | Name of this profile for the connector | production servers |
| URL | The URL for the ThreatQ API. | https://ThreatQ.mycompany.com |
| | Email for a ThreatQ account with read access to the ThreatQ APIs. | |
| Client ID | Email for a ThreatQ account with read access to the ThreatQ APIs. For details, see https://docs.threatq.com/rest_api#section/Introduction | ngmwzmvkntc1owe4nmy0mjuyoda0nwq1 |
| Password | The password for a ThreatQ account with read access to the ThreatQ APIs. | Dontstopmenow1978! |
Source Documentation #
Creating a User Account #
For details, see:
Creating Client ID #
For details on generating a client ID in ThreatQ , see:
https://docs.threatq.com/rest_api#section/Introduction
Required Permissions #
The user must have read access to the ThreatQ APIs.
For details, see:
API Documentation #
API v2
