In order to use the Polarity - Threatconnect integrations, instance URL, Access ID, and an API Key are required.
Both Threatconnect and the IOC submission integrations require the same configuration options.
Indicator Types - IPs, Emails, Hashes, Domains
URL - The URL for your Threatconnect server which should include the schema (i.e., http, https) and port if required.
API Key - API Key for the provided user. To create an API key within Threatconnect, please navigate settings and create a Polarity API account.
Acces ID - Account identifier that is associated with the API Key. To find the accessID within Threatconnect, please navigate settings and create a Polarity API account.
Organization Search Blocklist - By default all organizations visible to the provided API User will be searched. This blocklist is a comma delimited list of organizations you do not want searched. This option cannot be used in conjunction with the “Organization Search Allowlist” option.
Organization Search Allowlist - By default all organizations visible to the provided API User will be searched. This allowlist is a comma-delimited list of organizations you want to be searched (organizations not listed will not be searched). This option cannot be used in conjunction with the “Organization Search Blocklist” option.
Allow IOC Deletion - If selected, analysts running the IOC Submission integration can delete indicators from Threatstream.