The current integration still requires the old means of authenticating with the TIP server using Oauth2 Client ID and Oauth2 Client Secret which need to be generated via CLI commands, while these days they have switched to a combination of user account and API token, which are generated via the web UI, So it is preferrable that you make this switch.
Thanks for reporting this @frederikvandeputte, I've just created an issue in our integrations repo to track: Threat Quotient | Authentication · Issue #3954 · elastic/integrations · GitHub
I can't seem to locate ThreatQ documentation to walkthrough the steps to generate an API token. Would you be able to share, if you have some relevant docs?
The actual documentation is as far as I know not publicly available, but there are some posts that can be found that address this very issue:
https://www.threatq.com/threatq-open-exchange-api/ and https://www.threatq.com/api-part-2/ Maybe, this will get you started.
When a user is added an authentication token is automatically generated for this user.
The account requires to have an email address as well.
When authenticating with the API a combination of Token, email address and password is used:
ThreatQ uses OAuth 2.0 to authenticate end users. You must have a ThreatQ user account to retrieve an api token. The api token is required for all api requests. The token does time out; therefore, you must periodically refresh the token.
- Run a GET request to retrieve your client ID using the following format: https://hostname/assets/js/config.js
- Run a POST/token request to retrieve your authorization access token. See POST/token in the Authorization section of this reference for the correct format.Include the following parameters:
- grant_type (password)
- client-id (retrieved in step 1)Example: https://hostname/api/token?grant_type=password&client_id=ab20a55dd9ac779246210d7102a45ee37In the request body, include your ThreatQ credentials:
- Enter the access token as the authorization key in the header for all subsequent api requests.