We’re excited to share the news with you today that our ecosystem of partner products we support just got even larger with the addition of RSA Archer!

Say goodbye to cutting and pasting data from one platform to the other. The integration between RSA Archer and ThreatQ simplifies the exchange of information between the two platforms. RSA Archer users remain within the interface and update RSA Archer with threat intelligence information from ThreatQ. Additionally, users of ThreatQ can pass information on to Archer seamlessly for action and assignment to other groups as part of their existing workflow. Meanwhile incidents from RSA Archer can be pushed to ThreatQ, augmented with context and stored in the Threat Library where they can be accessed by teams and technologies to strengthen defenses and inform future investigations.

The integration supports teams and use cases associated with RSA Archer Cyber Incident & Breach Response. When incidents are enriched with context and prioritized, teams are better able to focus on the most impactful incidents. This helps them to work more efficiently and effectively through their defined incident response and triage procedures and prepare for data breaches.

Integration Features

ThreatQ integration with RSA Archer enables organizations to:

• Enrich an artifact with context from ThreatQ to more accurately understand incident response tasks
• Create an associated event in ThreatQ from an incident in RSA Archer, enrich the incident with context from ThreatQ and inform the self-tuning Threat Library
• Update a pre-existing event associated with an Incident to keep the IoC relationships and context up to date for scoring and prioritization purposes
• Allow a subset of incidents to be automatically created and synchronized against a ThreatQ event Type to use the incidents’ context in ThreatQ
• Automatically update an associated incident when an event is modified to reduce analysts’ workload

Our integration with RSA Archer demonstrates once again the value of a threat-centric approach to security operations that integrates tools into a systemic security architecture. When teams have a deeper understanding of relevant threat intelligence and can use automation to prioritize, they can accelerate detection and response and benefit from the collective strength of their security ecosystem.

For more information download the Implementation Guide or request a demo.