IBM QRadar

  • 1.  FSISAC threat intelligence Feed with QRadar

    Posted Thu February 25, 2021 11:18 AM
    Hello Experts,

    I want to feed FS-ISAC threat intelligence feeds into QRadar. Please, has anyone successfully done this?

    I saw a previous post on this.

    https://www.ibm.com/mysupport/s/question/0D50z00005q4Lg5CAE/threat-intelligence-fsisac-feed-error?language=en_US

    Kindly assist with steps or any links to get this done.
    Regards,

    ------------------------------
    benjamin Nworah
    ------------------------------


  • 2.  RE: FSISAC threat intelligence Feed with QRadar

    Posted Fri February 26, 2021 10:20 AM
    I integrated the MS-ISAC feed using the Threat APP, which adds STIX and TAXII ability to QRadar. Get an API key from FS-ISAC.

    ------------------------------
    Scott Searls
    ------------------------------



  • 3.  RE: FSISAC threat intelligence Feed with QRadar

    Posted Fri February 26, 2021 11:23 AM
    Hello Scott,

    Thank you for your input. Do the FS-ISAC TI feeds require a certificate?

    Regards,


    ------------------------------
    benjamin Nworah
    ------------------------------



  • 4.  RE: FSISAC threat intelligence Feed with QRadar

    Posted Thu March 04, 2021 11:58 AM
    Hello, 

    I'm sorry, I am not sure how to answer that.  

    Wish you well.

    Regards,

    Scott Searls





  • 5.  RE: FSISAC threat intelligence Feed with QRadar

    Posted Wed March 10, 2021 04:10 PM
    Edited by benlinux Wed March 10, 2021 04:11 PM
    Hello Experts,

    I am trying to integrate with a third-party TAXII server, and I received the error seen below.

    Do I need to permit the TAXII endpoint https://taxii.fsisac.com/ctixapi/taxii/ on my firewall?
    Please, how can I troubleshoot this issue?

    Thank You.

    ------------------------------
    benjamin Nworah
    ------------------------------



  • 6.  RE: FSISAC threat intelligence Feed with QRadar

    Posted Wed March 10, 2021 04:29 PM
    It would appear that is the case.  I would suspect you have a firewall deny for that communication in your log activity tab.

    ------------------------------
    Scott Searls
    ------------------------------
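
A staged reachability check for the question raised in posts 5 and 6, added here as an example (it is not code from any poster, IBM or FS-ISAC): it reports whether DNS, the TCP connection, certificate validation or authentication is the first step to fail for the endpoint quoted in the thread. The function name `diagnose` and its stage labels are assumptions, and it presumes a direct connection from the QRadar host with no HTTP proxy.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Endpoint quoted in the thread; no credentials are sent by this check.
TAXII_URL = "https://taxii.fsisac.com/ctixapi/taxii/"

def diagnose(url, timeout=5.0):
    """Return (stage, detail) for the first step that fails, or ('ok', ...)."""
    parts = urlsplit(url)
    host, port = parts.hostname, parts.port or 443
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host}: {exc}"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # A timeout suggests a silent drop, 'refused' an active reject.
        return "tcp", f"no TCP session to {host}:{port}: {exc}"
    request = (f"GET {parts.path or '/'} HTTP/1.1\r\nHost: {host}\r\n"
               "Connection: close\r\n\r\n").encode()
    try:
        ctx = ssl.create_default_context()  # verifies chain and hostname
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(request)
            status = tls.recv(4096).split(b"\r\n", 1)[0].decode(errors="replace")
    except ssl.SSLCertVerificationError as exc:
        # Typical when a TLS-inspecting proxy re-signs the session.
        return "cert", f"certificate not trusted: {exc}"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "tls", f"TLS handshake or read failed: {exc}"
    finally:
        raw.close()
    fields = status.split()
    if not fields:
        return "http", "connection closed without an HTTP response"
    if len(fields) > 1 and fields[1] in ("401", "403"):
        return "auth", f"path is open, server wants credentials: {status}"
    return "ok", f"server answered: {status}"

if __name__ == "__main__":
    print(diagnose(TAXII_URL))
```

A `tcp` result points at the firewall rule discussed above, while `cert` or `auth` means the network path is already open and the problem lies with trust or the API key.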



  • 7.  RE: FSISAC threat intelligence Feed with QRadar

    Posted Wed March 10, 2021 04:43 PM
    Hello Scott,

    I will inform the client to permit the TAXII endpoint on their firewall and see if this works.

    Thank You.

    ------------------------------
    benjamin Nworah
    ------------------------------



  • 8.  RE: FSISAC threat intelligence Feed with QRadar

    Posted Tue September 03, 2024 03:51 PM

    Hi,

    I'm looking for a similar integration. Is this method working?

    Thank you,

    Abdulsk



    ------------------------------
    Abdulsaleem sk
    ------------------------------