Integrations

Don’t have time for GUIs? Qintel works hard to ensure that accessing the world’s best cyber security data is as easy as possible. Every Qintel product is built with a straightforward API and we provide a variety of data integrations for commonly used third-party SOAR, information security, and threat intelligence products, such as the ones below. Qintel’s developers can accommodate additional platforms on request.

Maltego

Maltego is an open source intelligence and graphical link analysis tool for gathering and connecting information for investigative tasks. Maltego is utilized by a broad range of users, ranging from security professionals to forensic investigators and researchers. The Qintel integration for Maltego provides various transforms on entities such as Alias, Domain, Email, IP, Phone, Profile, Messenger ID, Proxy, as well as other, more advanced attributes.

Splunk

The Qintel Splunk app allows for the enrichment of events with Qintel data to provide context surrounding log data. This helps operators filter, monitor, and alert on activity within their environment. Currently, the app supports the following enrichment sources:
- QSentry Threat Intelligence
- Patch Management Intelligence (PMI)

Cortex XSOAR

Palo Alto Networks Cortex XSOAR (formerly known as Demisto) is a Security Orchestration, Automation and Response (SOAR) Platform, which allows SOC analysts to track, triage, and respond to security events within their organization. The Qintel app for XSOAR provides various investigative actions and automation playbooks to enrich indicators in security events with Qintel data. These data provide analysts with context as they triage and respond to security events.

Phantom

Splunk Phantom is a Security Orchestration, Automation and Response (SOAR) Platform, which allows SOC analysts to track, triage and respond to security events within their organization. The Qintel App for Phantom provides various investigative actions and automation playbooks to enrich artifacts in security events with Qintel data. These data provide analysts with context as they triage and respond to security events.

Check Point Custom Intelligence Feeds

The Custom Intelligence Feeds feature provides the ability to add custom cyber intelligence feeds to the Threat Prevention engine. It fetches feeds from a third-party server directly to the Security Gateway, where they are enforced by the Anti-Virus and Anti-Bot blades. The feature also eases the operational and engineering challenges of handling indicators: custom intelligence feeds are managed and monitored with minimal operational overhead. The Qintel App for Check Point's Custom Intelligence Feeds takes our QSentry feed data and converts it to a form suitable for most Check Point appliances running Gaia OS version R80.20+.

TheHive/Cortex

TheHive/Cortex is a Security Incident Response Platform and observable analysis platform that gives operators the ability to quickly investigate and act upon security incidents. This platform is frequently used in conjunction with other open source platforms, such as MISP.

The Qintel analyzers for Cortex give operators the ability to enrich events with QAuth threat intelligence and QWatch credential data, providing the context needed to classify observables and respond to events. Qintel also provides custom TheHive report templates for visualizing Cortex results.

Anomali ThreatStream

Anomali ThreatStream is a threat intelligence platform that aggregates diverse sources of threat intelligence. QSentry feeds are integrated and available within the ThreatStream platform.

MineMeld

MineMeld is a threat intelligence processing tool that extracts indicators from threat intelligence feeds and compiles them into multiple formats compatible with Palo Alto Networks AutoFocus and other SIEM platforms. The QSentry miner for MineMeld allows you to pull QSentry feeds directly into MineMeld for further integration.

Zeek

Zeek is an open source platform for network security monitoring. QSentry feeds can be loaded into Zeek's Intelligence framework so that indicators are matched against the network traffic Zeek inspects, generating alerts on hits.

MISP

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat information derived from incident and malware analysis. The Qintel modules for MISP give operators the ability to enrich events with QAuth threat intelligence, providing the context needed to classify and respond to events. Operators can also pivot on attributes, querying the breadth of Crosslink data to discover additional context and data.