ThreatSonar
Overview
ThreatSonar is an advanced persistent threat (APT) hunting and endpoint detection & response (EDR) platform that runs compromise assessments, memory forensics, and auto-investigations to detect ransomware across fleets. It can be used to scan and triage endpoints on a continuing basis, visualize suspicious activity across devices, and orchestrate remediation efforts.
Available Integrations
Product(s) | Supported Asset Type(s) | Integration Type |
---|---|---|
ThreatSonar | Devices | Source |
Why You Should Integrate
Integrating with ThreatSonar provides insight into the devices managed by ThreatSonar.
How Does the Integration Work
This integration works by pulling information about device assets from ThreatSonar using its REST API.
This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.
Please review the configuration instructions in the section below before setting up permissions for apps.
Configuration
- Configure the Access Schema
Field | Description | Example |
---|---|---|
Protocol * | The protocol used to request your ThreatSonar server | https |
Server IP * | The IP address associated with your ThreatSonar server | 1.2.3.4 |
Port * | The port associated with your ThreatSonar server | 80 |
Access Token | The access token generated in your ThreatSonar console | ******************** |
- Add an Integration: Select the integration(s) you'd like to add.
  - Collect devices
- Configure General Information: OPTIONAL: You can use the following fields to provide additional information about your configuration.
Field | Description | Example |
---|---|---|
Name (optional) | A uniquely identifiable attribute of the configuration that distinguishes it from other similar configurations within the existing organization. | DMZ network |
Contact Person (optional) | A placeholder to input a name or email address of a contact associated with the integration. | Jane Doe |
Link to Console (optional) | A placeholder to input a link to the console of the product Sevco is integrating with for quick reference and access when configuring or editing the integration. | www.product.com/devices |
Email me about frequent errors | Select this toggle to receive an email whenever an Integration has a ≥30% error rate in a 24-hour period. | n/a |
- Activate Config: Select "Activate" to enable this configuration and begin pulling data.
External Documentation
Creating credentials
The account used must provide an Access Token. This token is generated in the ThreatSonar Settings page.
Required Permissions
The account used must have the API enabled in the ThreatSonar Settings page.
Contact Us
If you're having problems configuring an Integration, or if you've found something wrong in this document, please email us at [email protected].