Connectors

ThreatConnect

Steps to Set Up HTTP Source Collection. — ThreatConnect

1. Login to ThreatConnect

  • Open your ThreatConnect account and log in with your credentials.

2. Navigate to Playbooks

3. Click on “New“ button to create webhook trigger

4. Create a Playbook
a. On the top navigation bar, click Playbooks to display the Playbooks screen.
b. Create a new Playbook or open an existing one.
c. Click Triggers on the side navigation bar of the Playbook Designer to view all available Triggers
d. Select WebHook from the External menu to add a WebHook Trigger to the design pane.

 

5. Double-click the Trigger. The Configure section of the Edit Trigger pane will be displayed on the left side of the screen

a. WebHook Name: Enter a name for the Trigger.
b. Path: A unique Trigger URL is generated automatically for each use of the Trigger. If desired, click in the box to edit the link’s universally unique identifier (UUID) path.
c. Timeout: By default, the Trigger’s timeout length (that is, the amount of time the Trigger can run before timing out) is set to 5 minutes. Click in the box to edit this value, if desired.

6. If require add response header and response body. Click the NEXT button.

7. Click the SAVE button

8. Change the mode from design mode to Active

Conclusion

Following these steps, you will be able to set up an webhook trigger for threatConnect. Ensure that you store the trigger URL securely as it is required for integration.

In the Platform (Bolster Platform):

1. Login to the Platform:

2. Navigate to Automation:

  • Click on the Integration tab, Go to ThreatConnector.

3. Create New Connector:

a. In the ThreatConnect Connector popup, provide a name for the connector.

4. Input ThreatConnect (webhook trigger) URL
a. In the URL field, paste the URL you copied from the ThreatConnect webhook trigger setup.

5. Test and Save Connector:
a. Click on Test Connector to ensure everything is set up correctly.
b. Once the test is successful, click Save.

By following these steps, you can successfully set up a connection to send data from your platform to a threatConnect. This integration allows for automated data transfers and notifications directly within your threatConnect env.

Verify the data from platform in ThreatConnect

  1. Create an automation playbook in the platform by clicking on “NEW PLAYBOOK
  2. Provide the all the necessary details in the form
  3. In define connectors in the form
  4. In define connectors, choose above created connector
  5. Run the playbook
  6. Observe the result in the ThreatConnect

NOTE – Export Format on playbook should always be JSON for this guide to work

Updated on August 7, 2024
Was this article helpful?
Yes No
Thanks for your feedback
Related Articles
Microsoft 365 Exchange/Defender Connector

This page captures detail step to be follow by Bolster Customer to successfully integrate Microsoft 365 Exchange/Defender with Bolster platform.…
Slack

Playbook Connectors for Slack You can add connectors to Slack channels so that playbooks can route data to those channels.…
API

Playbook Connector for APIs The playbook connector for APIs allows you to define custom HTTP requests to deliver your playbook…