ThreatQis a threat intelligence platform that structures and normalizes intelligence data for proper deployment into a variety of tools, including HP’s ArcSight ESM. The customer can control what information is exported from ThreatQ and ingested into ArcSight to extend alert capabilities and to assist with event triage investigations. Customers will be able to configure Hunting Active Channels to assist with more complex cyber correlations.
ThreatQ offers several pre-configured ArcSight Connectors out-of-the-box including ArcSight (an export of all indicators/indicator types), Email Addresses, Email Attachments (i.e. file names), Email Subject, FQDN, MD5, URL, URL Path, User-Agent, and X-Mailer. ThreatQ will output the indicators that match the export criteria in the necessary CEF format. The SmartConnector will authenticate to ThreatQ using the Export Token Key and import the ThreatQ export.
Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.
The event format complies with the requirements of the HPE ArcSight Common Event Format.The HPE ArcSight CEF connector will be able to process the events correctly and the events will be available for use within HPE’s ArcSight product.In addition, the event content has been deemed to be in accordance with standard SmartConnector requirements.The events will be sufficiently categorized to be used in correlation rules, reports and dashboards as a proof-of-concept (POC) of the joint solution.
Joint customers with questions regarding the integration between ThreatQuotient’s ThreatQ intelligence platform and HP’s ArcSight SIEM should call or email the ThreatQ’s support contact information above, identify themselves, and describe the problem. Contact support at firstname.lastname@example.org
Related content and resources
Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox