The ThreatConnect integration with BlackBerry Protect enables automated investigation and response actions to be taken in real time. This app provides a powerful set of actions that can be leveraged within a larger security workflow orchestration or even a simple automation. Immediate actions can be taken to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence. The following actions are available:
- Get Threat
- Get Threats
- Get Threat Devices
- Get Threat Download URL
- Get Global List
- Add to Global List
- Delete from Global List
- Get Device
- Get Devices
- Get Device Threats
- Update Device
With the Service app, you can perform a similar action to the “Get Threats” action in the respective playbook except on a polling schedule. The app service has the following inputs:
- Poll Interval – The frequency in minutes to check for threats.
- Max Historical Poll Start – Upon activation, the first poll will be conducted after the completion of the first Poll Interval period. On future runs, if the time of last run is greater than the poll interval the app will only retrieve data as far back as the input value for this field
- Service Endpoint – The endpoint for the set of BlackBerry Protect servers to which your Organization belongs.
- Tenant ID – The BlackBerry Protect tenant ID. This information is found on the BlackBerry Protect Integrations page.
- Application ID – The BlackBerry Protect application ID.
- Application Secret Key – The BlackBerry Protect application secret key.
These apps can be found in the ThreatConnect App Catalog under the names: BlackBerry Protect (Playbook), BlackBerry Protect (Customer Trigger)