How to Update ThreatLink via the UseCase Library
- Alvaro de la Serna Martinez
- Virginia Camuñas Núñez
Download the following files for use with this installation:
Case Settings:
Upgrading ThreatLink: A Step-by-Step Guide
Follow these simple steps to upgrade your ThreatLink environment:
Install the Latest Version:
Head over to the SOAR use case library.
Locate the newest ThreatLink version and install it.
During the installation, make sure to configure the necessary connections.
DO NOT start the new playbook stream.
Import Case Settings:
Go to "Settings."
Select "Case Settings."
Choose "General."
Click "Import" and import the provided Case Setting JSON file from the top of this page.
Update the Case Template:
Open the Case Template.
Add two new tabs: "Alert Queries" and "System Fields."
Populate these tabs with the associated fields (refer to the screenshot provided).
(MSSP Instances Only) Set Up Child Domain Integrations:
If you're upgrading an MSSP instance with alerting in child domains, you'll need to set up new Devo integration connections.
Use the alert API for each child domain.
Make a note of the connection names for each child domain.
(MSSP Instances Only) Configure Domain Connection List:
Open the "Domain Connection Custom List."
Map each child domain to its corresponding connection name.
Activate the New Version:
Pause the old ThreatLink streams.
Start the new playbook streams.
That's it! You've successfully upgraded your ThreatLink environment.
Important Notes:
Make sure you have the necessary permissions to perform these actions.
If you encounter any issues during the upgrade process, refer to the ThreatLink documentation or contact support for assistance.
Always back up your existing configuration before performing an upgrade.
After the upgrade, test your ThreatLink playbooks thoroughly to ensure they function correctly.