AiStrike Documentation

ThreatConnect

Configure a ThreatConnect API user to enable secure threat-intelligence ingestion into AiStrike, using an API Access ID + Secret Key or an API Token.

Prerequisites

  • Administrator access to ThreatConnect Organization Settings.

  • An AiStrike tenant ready to accept API-based threat-intel ingestion.

  • Network connectivity between AiStrike and ThreatConnect API endpoints.

Step 1: Create an API user

  1. In the ThreatConnect Console, go to Settings > Org Settings.

  2. On the Membership tab, click Create API User.

  3. Provide identifiable details (e.g. AiStrike / Integration) and set the System Role — Api User for standard v2/v3 access, or Exchange Admin for full access. Set an Organization Role (e.g. Standard User) and optional token expiration.

Step 2: Generate authentication

  • Access ID + Secret Key: record the Secret Key immediately (not shown again), then click Save.

  • API Token: click Save User and Generate Token; a token is generated per the expiration settings.

Step 3: Configure in AiStrike

Go to Integrations → ThreatConnect and enter:

  • API URL: https://<your-threatconnect-instance>/api

  • API Access ID and Secret Key

  • Organization Name (default API organization)

Save and test the connection.

Verify

GET /api/v3/victims HTTP/1.1
Host: <your-threatconnect-instance>
Authorization: TC-Token <your-api-token>
Content-Type: application/json

A JSON response (a list of victims or an empty dataset) confirms the connection is valid.