IBM QRadar


Integration of third party threat intelligence feed in Qradar

  • 1.  Integration of third party threat intelligence feed in Qradar

    Posted Thu June 10, 2021 03:37 AM

    Hi Experts,

    I have to add CTM360 threat feed in QRadar. Threat feed from CTM360 is in JSON format. They have provided me with their API endpoint.

    What I did is mentioned below:

    1- Installed the Threat Intelligence app (version 2.1.0) from IBM App Exchange.

    2- During configuration, I added the CTM API, i.e. "https://memberapi.ctm360.com/v1/incidents", in the Threat Intelligence app.

    3- Selected the JSON format.

    4- Inserted the API key (provided to me by CTM360 team).

    5- Now, when I try to discover, it fails with the error that QRadar is unable to connect to the endpoint. I have confirmed with the Network team and Proxy Server team that the CTM provided URL ("https://memberapi.ctm360.com/v1/incidents") has no blocking at either end.

    Kindly help me to get the CTM360 threat intelligence feed in QRadar.

    Regards,

    MFaruqi.



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Integration of third party threat intelligence feed in Qradar

    Posted Thu June 10, 2021 08:58 AM

    Please check if you are able to resolve memberapi.ctm360.com in QRadar as well as inside the threat intel app. You can try with a normal ping or telnet. If it's a public domain or hostname, it should resolve.

    I tried but it failed

    host memberapi.ctm360.com

    Host memberapi.ctm360.com not found: 3(NXDOMAIN)



    #QRadar
    #Support
    #SupportMigration
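
The staged check suggested in the reply (resolve the name first, then connect), as an added example that is not part of the original thread and is not IBM or CTM360 code. The function name `diagnose` and its `resolve`/`connect` parameters are assumptions made for illustration; it tests a direct connection from the host it runs on and does not go through a proxy.

```python
import socket
import ssl
import sys


def diagnose(host, port=443, timeout=5.0,
             resolve=socket.getaddrinfo, connect=socket.create_connection,
             tls_context=None):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'.

    resolve/connect are injectable so the logic can be exercised offline.
    """
    # Stage 1: name resolution, the step the reply checks with `host`.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host}: {exc}"
    addresses = sorted({info[4][0] for info in infos})

    # Stage 2: TCP reachability of the first resolved address.
    try:
        sock = connect((addresses[0], port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"resolved to {addresses} but connect failed: {exc}"

    # Stage 3: TLS handshake with certificate and hostname verification.
    ctx = tls_context or ssl.create_default_context()
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{addresses[0]}:{port} negotiated {tls.version()}"
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"TCP connected but TLS failed: {exc}"


if __name__ == "__main__":
    # Hostname defaults to the one quoted in the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "memberapi.ctm360.com"
    stage, detail = diagnose(target)
    print(f"{target}: {stage} - {detail}")
```

Running it on the QRadar console and again from inside the app's container shows whether both environments fail at the same stage.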