- Incident Responder Release Notes
- Get Started with Incident Responder
- Configure Incident Responder Settings
- Core Settings
- Analytics Settings
- Configure Services
- Prerequisites for Configuring Incident Responder Microsoft Services with OAuth2.0 Authentication
- Configure the Amazon Elastic Compute Cloud (EC2) Service
- Configure the Anomali ThreatStream API Service
- Configure the Atlassian Jira Service
- Configure the BMC Remedy Service
- Configure the Check Point Firewall Service
- Configure the Cisco AMP for Endpoints Service
- Configure the Cisco Services Engine (ISE) Service
- Configure the Cisco Threat Grid Service
- Configure the Cisco Umbrella Enforcement Service
- Configure the Cisco Umbrella Investigate Service
- Configure the CrowdStrike Falcon Host API Service Service
- Configure the CrowdStrike Falcon Host API Service Service
- Configure the CyberArk Service
- Configure the Cylance Protect Service
- Configure the Exabeam Advanced Analytics Service
- Configure the Exabeam Cloud Search Service
- Configure the Exabeam DL Service
- Configure the FireEye HX Service
- Configure the Fortinet Service
- Configure the Google Gmail Service
- Configure the IntSights Cyber Intelligence Ltd. Service
- Configure the IRNotificationSMTPService Service
- Configure the Joe Security Joe Sandbox Service Service
- Configure the Microsoft Active Directory (AD) (Latest) Service
- Configure the Microsoft Exchange Service
- Configure the Microsoft Outlook Office 365 Service
- Configure the Microsoft Windows Defender ATP Service
- Configure the Microsoft Windows Management Instrumentation Service
- Configure the Netskope Service
- Configure the Okta Service
- Configure the Palo Alto Networks Firewall Service
- Configure the Palo Alto Networks Wildfire Service
- Configure the Rapid7 insightVM Service
- Configure the SentinelOne Service
- Configure the SentinelOneV2 Service
- Configure the Service Now Service
- Configure the Slack Service
- Configure the SlashNext Service
- Configure the Splunk Service
- Configure the ThreatConnect API Service
- Configure the Urlscan.io API Service
- Configure the VirusTotal Service
- Configure the Zscaler Service
- Test a Service
- Edit a Service
- Disable a Service
- Upload a Custom Service
- Delete a Custom Service
- Create an Email Template for the Notify by Email Action
- Respond to Security Incidents
Configure the ThreatConnect API Service
Configure ThreatConnect as a service to get entity and artifact reputations and run other ThreatConnect actions.
Create a ThreatConnect API key.
Note the access ID of the API user you use to make requests.
Note your ThreatConnect base API URL; for example, https://app.threatconnect.com/api or https://sandbox.threatconnect.com/api/
Note your organization's name as it appears in ThreatConnect.
If you use a proxy, ensure that you whitelist your ThreatConnect base API URL.
In the sidebar, click SETTINGS
, then select Core.Under SERVICE INTEGRATIONS, select Services.
Select a service:
To configure a specific service, hover over a service, then click CONFIGURE. Use the search by vendor or filter by action to find a service.
To manually provide the relevant information for a service, click Configure a new service
.To view all actions for a service, hover over a service, then click the information icon
.
Enter information about the service:
Service Name – Enter a unique name for the service. By default, the service name is Splunk.
(Optional) Description – Describe the service.
(Optional) Owner – Enter the email address of the person or group responsible for the service.
API ID – Enter the ID of the API user you use to make requests.
API Key – Enter the ThreatConnect API key you created.
API URL – Enter your ThreatConnect base API URL.
API ORG – Enter your organization's name, as it appears in ThreatConnect.
To validate the source, select TEST CONNECTIVITY.
Select CREATE SERVICE.