Versions Compared

Version Old Version 1 New Version Current
Changes made by

Alvaro de la Serna Martinez

Virginia Camuñas Núñez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Follow these simple steps to upgrade your ThreatLink environment:

  1. Install the Latest Version:

  • Head over to the SOAR use case library.

  • Locate the newest ThreatLink version and install it.

  • During the installation, make sure to configure the necessary connections.

  • DO NOT start the new playbook stream.

  1. Import Case Settings:

  • Go to "Settings."

  • Select "Case Settings."

  • Choose "General."

  • Click "Import" and import the provided Case Setting JSON file from the top of this page.

...

  • Open the Case Template.

  • Add two new tabs: "Alert Queries" and "System Fields."

  • Populate these tabs with the associated fields (refer to the screenshot provided).

    Case Template Screenshot.pngImage RemovedImage Added

  1. (MSSP Instances Only) Set Up Child Domain Integrations:

...

That's it! You've successfully upgraded your ThreatLink environment.

Infonote

Important Notes:

  • Make sure you have the necessary permissions to perform these actions.

  • If you encounter any issues during the upgrade process, refer to the ThreatLink documentation or contact support for assistance.

  • Always back up your existing configuration before performing an upgrade.

  • After the upgrade, test your ThreatLink playbooks thoroughly to ensure they function correctly.

How to upgrade an existing environment:

...

Install the newest version from the SOAR use case library

...

During the import process, configure the connections.

...

Import the Case Setting JSON.   (Settings/case settings /general /import)

...

Update the case template; see the screenshot above.

  1. Add a new tab called Alert Queries and the associated field.

  2. Add a new tab called System Fileds and associated fields.

...

If upgrading an MSSP instance where alerting is configured in child domains:

  1. Set up new Devo integration connections using the alert API for each child domain and note the connections' names.

  2. Configure the Domain Connection Custom List, mapping the domain to the connection names.

...

Pause the old streams.

...

  • .