In order to use the Polarity - ThreatQuotient integrations, instance URL, username, password, and clientID are required. In order to complete configuration, the Polarity server admin will also need to configure the threatq-config.js file.
Both ThreatQuotient and the IOC submission integrations require the same configuration options.
Indicator Types - IPs, Emails, Hashes, Domains
URL - The URL for your ThreatQuotient server which should include the schema (i.e., http, https) and port if required.
Username - Username for the account using the ThreatQuotient integration.
Password - Password associated with the username, for the account using the ThreatQuotient integration.
Client ID - The Client ID for your ThreatQ deployment. (accessible at https:///assets/js/config.js)
Enable Adding Tags - If selected, users will be able to add new tags from the overlay window
Enable Deleting Tags - If selected, users will be able to delete tags from the overlay window
Enable Editing of Indicator Status - If selected, users will be able to edit the “status” of an indicator (e.g., Active, WhiteListed, Review etc.)
**Enable Manual Editing of Indicator Score **- If selected, users will be able to edit the “score” of an indicator. Note that manually setting the score of an indicator is not a recommended best practice. Setting the score manually prevents ThreatQuotient from setting an automatic indicator score.
Minimum Score - Minimum indicator score to be returned by the integration. Lower the score the more information that will be displayed by Polarity.
Maximum Score - Maximum indicator score to be returned by the integration.
Indicator Statuses - Status of the indicators to be searched. Statuses are: active, review, expired, indirect and whitelisted.
Allow IOC Deletion - If selected, analysts running the IOC Submission integration can delete indicators from ThreatQuotient.
Configuring the threatq-config.js file - In order for Polarity to search for the correct indicators, the Polarity server admin will need to edit the threatq-config.js file. To find the indicator values please see https:///api/indicator/types