IBM QRadar App for ThreatConnect User Guide

The IBM^® QRadar^® App for ThreatConnect^® is designed to upload Indicators from ThreatConnect to QRadar reference sets. Several filters are available to narrow the scope of Indicators retrieved from ThreatConnect, including Threat Rating, Confidence Rating, owner, Indicator type, and date of last modification. Once uploaded to QRadar, Indicators can be used to define filters and rules.

The QRadar integration operates in two modes: Indicator upload and Indicator deprecation. In Indicator upload, Indicators are uploaded to a QRadar reference set. In Indicator deprecation, Indicators are deleted from a QRadar reference set if they have been deprecated in ThreatConnect (i.e., they no longer meet the filtering criteria for the Job). Note that this configuration means that two Jobs need to be defined for every set of Indicators synced with QRadar.

This App operates in the ThreatConnect environment, with information flow running from ThreatConnect to QRadar. It is complementary to the ThreatConnect App for IBM QRadar, which operates in the QRadar environment, providing instant Indicator enrichment in QRadar from data in ThreatConnect and allowing users to look up and create Indicators or report false positives to ThreatConnect from within QRadar. See ThreatConnect App for IBM QRadar User Guide for more information.

  

ThreatConnect^® is a registered trademark of ThreatConnect, Inc.
IBM^® and QRadar^® are registered trademarks of the IBM Corporation.