In this podcast recorded at RSA Conference 2016, Chris Jacob, Global Director of Threat Intelligence Engineers at ThreatQuotient, introduces the ThreatQ threat intelligence platform.
ThreatQ supports timeline analysis by plotting various events and incidents and overlaying second and third data points of interest. Event data can be created automatically through any number of technology capabilities: ticket systems, SIEM export, sandboxes, log repositories, etc. Intelligence analysts seek out these visualizations to overlay chronological subsets and pivot through the data to discover trends or suspicious patterns.
ThreatQ tracking and integration
You can track campaign attribution to an indicator or set of indicators to better understand the attack targeting and mission objectives. By tagging campaign attribution to an event (e.g., spearphish, SQL injection, watering-hole attack), teams can deconstruct an adversary’s logic over several attack progressions and build a threat profile to determine which defensive strategies will provide the most effective blocking or detection rate.
ThreatQ integrates with over 25 vendors to ensure customers can keep their detection solutions up to date. The TQI dev team is constantly building out integrations with new tools to ensure customers are maximizing the value of their threat intelligence by operationalizing it.