IBM QRadar App for ThreatConnect User Guide
  • 09 Mar 2023
  • 1 Minute to read
  • Dark
    Light

IBM QRadar App for ThreatConnect User Guide

  • Dark
    Light

Article summary

The IBM® QRadar® App for ThreatConnect® is designed to upload Indicators from ThreatConnect to QRadar reference sets. Several filters are available to narrow the scope of Indicators retrieved from ThreatConnect, including Threat Rating, Confidence Rating, owner, Indicator type, and date of last modification. Once uploaded to QRadar, Indicators can be used to define filters and rules.

The QRadar integration operates in two modes: Indicator upload and Indicator deprecation. In Indicator upload, Indicators are uploaded to a QRadar reference set. In Indicator deprecation, Indicators are deleted from a QRadar reference set if they have been deprecated in ThreatConnect (i.e., they no longer meet the filtering criteria for the Job). Note that this configuration means that two Jobs need to be defined for every set of Indicators synced with QRadar.

This App operates in the ThreatConnect environment, with information flow running from ThreatConnect to QRadar. It is complementary to the ThreatConnect App for IBM QRadar, which operates in the QRadar environment, providing instant Indicator enrichment in QRadar from data in ThreatConnect and allowing users to look up and create Indicators or report false positives to ThreatConnect from within QRadar. See ThreatConnect App for IBM QRadar User Guide for more information.

 

Your browser does not support PDF.click here to download

 


ThreatConnect® is a registered trademark of ThreatConnect, Inc.
IBM® and QRadar® are registered trademarks of the IBM Corporation.

Attachments

Was this article helpful?