ThreatQuotient™ simplifies and accelerates security operations through a platform that creates a unified workspace for threat, SOC, and IR analysts to understand threats, perform investigations and collaborate across teams and tools. ThreatQuotients’ solutions reduce noise, highlight top priority threats and automate processes to provide greater focus and decision support.
The integration between Archer and ThreatQuotient simplifies the exchange of information between the two platforms in either direction, without requiring a user in either system to copy and paste data from one platform to the other. The integration enables Archer users to remain within the Archer interface while updating Archer with threat intelligence information from ThreatQ. Additionally, users of ThreatQ can pass information to Archer seamlessly, including actions and assignments to other groups that map to an organization’s operational workflow, all while maintaining a history of work done.
ThreatQuotient integration with Archer enables organizations to:
Create an associated event in ThreatQ from an Incident to use that incident's context in ThreatQ and inform the Self Tuning Library
Update a pre-existing Event associated with an Incident to keep the IoC relationships and context up to date for scoring purposes
Allow a subset of incidents to be automatically created and synchronized against a TQ Event Type to use the incidents context in ThreatQ
Automatically update an associated incident when an Event is modified to reduce overall work on analysts