Actions for ThreatQ
- Send Data to ThreatQ. Sends a custom set of Lucidum data to ThreatQ.
Use Cases
Below are the possible use cases for these actions:
- If you want to run Lucidum “headless”, you can send relevant data to ThreatQ on a regular schedule.
- You can send normalized, enriched Lucidum data to ThreatQ to be indexed, searched, and analyzed.
Prerequisites
To execute ThreatQ actions, you must configure a ThreatQ API connection beforehand.
NOTE. The specified account should have read and write permissions.
Workflows
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
ThreatQ Configuration
To create a configuration for ThreatQ actions:
- Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- URL. The URL of the ThreatQ API. For example, https://mythreatqhost.com/api.
- Client ID. Client ID associated with your ThreatQ account. To retrieve the client ID, send a GET request to https://hostname/assets/js/config.js. For details, see https://docs.threatq.com/rest_api#section/Introduction.
- Username. Email address associated with a ThreatQ account with read and write access to the API.
- Password. Password for a ThreatQ account with read and write access to the API.
- Max # of Records per Payload. The maximum number of records to send to ThreatQ in each action. The default value is “50”.
Create a New Action
To create an action for ThreatQ, contact Lucidum customer care.