Integrations

Don’t have time for GUIs? Qintel works hard to ensure that accessing the world’s best cyber security data is as easy as possible. Every Qintel product is built with a straightforward API and we provide a variety of data integrations for commonly used third-party SOAR, information security, and threat intelligence products, such as the ones below. Qintel’s developers can accommodate additional platforms on request.

Maltego

Maltego is an open source intelligence and graphical link analysis tool for gathering and connecting information for investigative tasks. Maltego is used by a broad range of users, from security professionals to forensic investigators and researchers. The Qintel integration for Maltego provides various transforms on entities such as Alias, Domain, Email, IP, Phone, Profile, Messenger ID, and Proxy, as well as other, more advanced attributes.

Splunk

The Qintel Splunk app allows for the enrichment of events with Qintel data to provide context surrounding log data. This helps operators filter, monitor, and alert on activity within their environment. Currently the app supports the following enrichment sources:
QSentry Threat Intelligence
Patch Management Intelligence (PMI)

Cortex XSOAR

Palo Alto Networks Cortex XSOAR (formerly known as Demisto) is a Security Orchestration, Automation and Response (SOAR) Platform, which allows SOC analysts to track, triage, and respond to security events within their organization. The Qintel app for XSOAR provides various investigative actions and automation playbooks to enrich indicators in security events with Qintel data. These data provide analysts with context as they triage and respond to security events.

Phantom

Splunk Phantom is a Security Orchestration, Automation and Response (SOAR) Platform, which allows SOC analysts to track, triage and respond to security events within their organization. The Qintel App for Phantom provides various investigative actions and automation playbooks to enrich artifacts in security events with Qintel data. These data provide analysts with context as they triage and respond to security events.

Check Point Custom Intelligence Feeds

The Custom Intelligence Feeds feature provides the ability to add custom cyber intelligence feeds into the Threat Prevention engine. It fetches feeds from a third-party server directly to the Security Gateway, where they are enforced by the Anti-Virus and Anti-Bot blades. The feature also helps customers with the operational and engineering challenges of handling indicators: the custom intelligence feeds are managed and monitored with minimal operational overhead. The Qintel App for Check Point's Custom Intelligence Feeds takes our QSentry feed data and converts it to a form suitable for most Check Point appliances running GAIA OS version R80.20+.