Hello Shivam,
When using threat intel other than the one from QRadar, I usually download it into ref tables, and from there I would try to use AQL to use it. Regarding score, you might be looking for something like an average score. To accomplish this, I would try to configure a new calculation CEP using AQL or AQL CEPs.
To get your data into the refsets, you could use the STIX/TAXII functionality from QRadar or the QRadar API.
Have a great day
Martin
------------------------------
Martin Schmitt
Senior Cyber Defense Consultant
SECUINFRA
Berlin
------------------------------
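The approach described in the reply above (per-feed results stored in one reference table keyed by IP, then an average score across feeds), sketched in Python as an added example that is not part of the thread or of QRadar itself. Feed names, score scales and sample hits are constructed; the nested dict mirrors a reference table's outer key / inner key layout, and loading it through the QRadar API is left out.

```python
import json
from collections import Counter
from statistics import mean

# Constructed sample data: feed names, their native score scales and the hits are invented.
FEED_SCALES = {"feed_a": 100, "feed_b": 10, "feed_c": 1.0}
SAMPLE_HITS = [
    {"feed": "feed_a", "ip": "203.0.113.7", "score": 80, "location": "NL"},
    {"feed": "feed_b", "ip": "203.0.113.7", "score": 6, "location": "NL"},
    {"feed": "feed_c", "ip": "203.0.113.7", "score": 0.9, "location": "DE"},
    {"feed": "feed_a", "ip": "198.51.100.20", "score": 10, "location": "US"},
]

def build_table(hits, scales=FEED_SCALES):
    """Return {ip: {"<feed>_score": n, "<feed>_location": cc}} with scores on 0-100."""
    table = {}
    for h in hits:
        if h["feed"] not in scales:
            continue  # unknown scale: skip the hit rather than guess a normalization
        row = table.setdefault(h["ip"], {})
        row[f'{h["feed"]}_score'] = round(100 * h["score"] / scales[h["feed"]], 1)
        row[f'{h["feed"]}_location'] = h["location"]
    return table

def summarize(row):
    """Average the normalized scores and pick the location most feeds agree on."""
    scores = [v for k, v in row.items() if k.endswith("_score")]
    locations = Counter(v for k, v in row.items() if k.endswith("_location"))
    return {
        "feeds": len(scores),
        "avg_score": round(mean(scores), 1),
        "location": locations.most_common(1)[0][0],
    }

if __name__ == "__main__":
    table = build_table(SAMPLE_HITS)
    print(json.dumps(table, indent=2))  # nested outer-key/inner-key structure
    for ip, row in table.items():
        print(ip, summarize(row))
```

Normalizing every feed to the same 0-100 range before averaging keeps a feed that scores 0-10 from being drowned out by one that scores 0-100.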
Original Message:
Sent: Fri December 15, 2023 04:18 AM
From: shivam gote
Subject: How to get hits from multiple threat intel at the same time for an IP address.
Hello John,
We want to make a decision based on the reputation of an IP from different threat intel, so for this we need to get a few details like score and location.
We want to apply this in a playbook.
------------------------------
shivam gote
Original Message:
Sent: Fri December 15, 2023 04:11 AM
From: John Dawson
Subject: How to get hits from multiple threat intel at the same time for an IP address.
Hi Shivam,
Can you provide some more detail on what you are trying to achieve?
Thanks
------------------------------
John Dawson
Qradar Support Architect
IBM
Original Message:
Sent: Fri December 15, 2023 01:31 AM
From: shivam gote
Subject: How to get hits from multiple threat intel at the same time for an IP address.
How to get hits from multiple threat intel at the same time for an IP address?
------------------------------
shivam gote
------------------------------