🔗 Product Update: Elastic Action for ThreatQuotient TDR Orchestrator

Related products: ThreatQ TDR Orchestrator (TQO)
  • November 3, 2025

Audience: Threat Intelligence Analysts, SOC Teams, MSSPs

Product Module: ThreatQ TDR Orchestrator

Last Updated: February 4, 2025

Tags: ThreatQuotient, Elastic Security, Elastic Stack, TDR Orchestrator, Threat Intelligence, IOC Enrichment, SIEM Integration, Automation

🧠 Overview

We’re excited to announce the release of the Elastic Action for the ThreatQuotient TDR Orchestrator!

This new integration enriches ThreatQ indicators with contextual data from Elastic Security, allowing analysts to correlate intelligence with operational events—all within their orchestrator workflows.

By combining Elastic Security’s SIEM and endpoint telemetry with ThreatQ’s intelligence-driven automation, security teams can detect, investigate, and respond to threats faster and with greater context.

⚙️ Key Capabilities

The Elastic integration introduces a new TDR Orchestrator Action:

  • Elastic Enrich Indicators – Executes an Elastic search query to retrieve matching hits and enriches ThreatQ indicators with contextual data from Elastic Security.

🗂️ Supported Object Types

The Elastic Enrich Indicators action supports the following object types:

  • Assets

  • Indicators

Upon execution, the action returns enriched:

  • Assets

  • Indicators

This two-way enrichment helps SOC teams identify related entities, prioritize alerts, and strengthen cross-platform threat context.

🔐 Requirements

To use the Elastic Action, ensure you have:

  • An active ThreatQ TDR Orchestrator (TQO) license

  • Valid Elastic Security connection credentials with query access

  • Properly configured search queries or index permissions in your Elastic environment

💡 Why It Matters

Integrating Elastic Security with ThreatQ delivers:

  • Automated enrichment of indicators with Elastic event data

  • Improved visibility across SIEM and threat intelligence platforms

  • Faster, more efficient investigations through consolidated insights

Together, these capabilities help analysts move from detection to understanding—and from data to action—more efficiently.

📘 Learn More

Visit the Elastic Security documentation to explore configuration options and use cases.

💬 Try It and Share Your Experience

Enable the new Elastic Action in your ThreatQ TDR Orchestrator and let us know how you’re using it to enhance your enrichment workflows.

  • Community Manager
  • November 4, 2025

It is informative.