IBM QRadar

Maximum number of feeds in the Threat Intel App?

  • 1.  Maximum number of feeds in the Threat Intel App?

    Posted Wed October 21, 2020 02:54 PM

    What's the maximum number of feeds in the Threat Intel App?

    We are taking about 4-5 sources for IoC feeds. Each of these has 3-5 different IoC types; IP4, URL, Filehash, etc... So we could have +20 different entries.



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Maximum number of feeds in the Threat Intel App?

    Posted Tue October 27, 2020 07:06 PM

    There is no maximum limit to the number of feeds that can be polled by the Threat Intel app. The app uses the memory allocation assigned to the docker instance to complete polling operations. If you experience issues with polling errors or failures, contact QRadar Support and they can look at increasing the memory allocation for the app. We do not publish articles on how to tune memory allocations, but by default the Threat Intelligence gets a default allocation of 800 MB in QRadar. Support can assist you with any issues you have with polling sources, but ~20 sources should not be a concern if you are not seeing errors.

    Hope this helps....

    If you have follow-up questions or concerns, let me know.


