About CTM360 ThreatCover
CTM360 ThreatCover is a cybersecurity solution offered by CTM360 that provides protection against various online threats through digital risk management, attack surface monitoring, and threat intelligence. It helps businesses identify vulnerabilities in their digital presence and respond to cyber threats proactively.
SIRP integrates with CTM360 ThreatCover for the enrichment of the collected data, visibility into threat patterns, and extended automation for removing or containing threats.
The comprehensive detection capabilities of CTM360 ThreatCover, combined with SIRP’s risk-based SOAR platform, provide SOC teams with an unparalleled defense posture. This integration ensures that SOC teams have real-time access to active threats, faster threat visibility and detection, and comprehensive data on artifacts, allowing for more accurate context and threat validation.
Supported Actions
SIRP’s CTM360 ThreatCover integration app allows you to execute the following actions:
S.no | Actions | Description |
1 | Get Threats | Pulls Threat Intelligence feeds from CTM360 ThreatCover |
Enable and Configure the CTM360 ThreatCover App
Create CTM360 ThreatCover API Credentials
Follow these steps to generate the CTM360 ThreatCover API credentials (which will later be used in SIRP to enable the CTM360 ThreatCover App):
Log in to your CTM360 ThreatCover instance.
Click on the dropdown next to the CTM360 logo, then select ThreatCover.
Select the Taxii Feeds option and then copy the Collection ID of Observables.
For the API key, click API TOKEN and then copy the API key.
Once the API key is generated.
Configure The SIRP App
Next, log in to SIRP, then go to Apps from the left navigation bar.
Locate the CTM360 ThreatCover App.
Click on the Toggle button to enable the app.
As soon as you enable the App, you will get an option to add the configuration details.
Click Save to enable the app.
Create Ingestion Source
To start ingesting threat feeds from CTM360 ThreatCover through the API, you need to create a new ingestion source and enable it.
1. Go to the Administration section from the left-hand navigation bar
2. Go to Automation > Ingestion Sources
3. Click on Add Source
4. Fill in the fields in the ingestion form as shown in the image above:
Status: Enable
Ingestion Method: API
Format: JSON
Name: CTM Threat Cover (This can be any name to distinguish this ingestion source)
Ingestion Type: Threat Intel
Applications: CTM360 ThreatCover
Actions: GET THREATS
5. Click the Save button to create the new ingestion source.
6. The last step after creating an ingestion source is mapping the data fields ingested from CTM360 ThreatCover with the fields available in SIRP. After you create the ingestion source, you will get a new configuration icon under the Actions column. Click on the icon to configure the fields.
7. Configure the field mapping as shown in the following screenshot and click Save.
After enabling the ingestion source, SIRP will start to call CTM360 ThreatCover Threat Intelligence’s API every 1 minute to check for any new threat feeds. If SIRP finds any feeds, it will start ingesting the records into its database.
The results will be visible in the Threat Intelligence module. The Pending tab will list all the ingested feeds.