IBM QRadar

  • 1.  SWIFT ISAC / Threat Intelligence

    Posted Tue December 18, 2018 10:21 AM
    Hi 

    We are part of the SWIFT community and therefore we had to integrate their threat information in QRadar. SWIFT offers a TAXII server where this threat information could be polled. So I would like to use the Threat Intelligence app for this. Unfortunately after authentication I don't see any content inside the app and can't pull data. Other threat sources are working properly with the app.
    Has anyone else integrated the SWIFT ISAC feed in QRadar with the Threat Intelligence app? And how did you configure it?

    Thanks & regards
    Rouven

    ------------------------------
    Rouven Schierscher
    ------------------------------


  • 2.  RE: SWIFT ISAC / Threat Intelligence

    Posted Thu December 20, 2018 02:28 AM
    Hi,

    I tried to integrate it, but Threat Intelligence is using TAXII 1.2 and SWIFT ISAC needs TAXII 1.2. So we cannot use Threat Intelligence at the moment, as far as I know.

    Thank you.
    Omer Berk

    ------------------------------
    Omer Berk
    ------------------------------



  • 3.  RE: SWIFT ISAC / Threat Intelligence

    Posted Thu January 03, 2019 04:19 AM
    We contacted SWIFT support and got the following statement:

    --
    Known issues

    In case you encounter issues connecting to our TAXII feed, please confirm the client used supports STIX 1.2.

    We are aware of incompatibility issues with IBM Qradar, Arcsight, Logrhythm and Anomali STAX. We are working on adding extra feeds to allow integration with these platforms as well
    ----

    ------------------------------
    Rouven Schierscher
    ------------------------------



  • 4.  RE: SWIFT ISAC / Threat Intelligence

    Posted Thu January 03, 2019 06:44 AM
    As far as I understand, we have to wait for an upgrade of Threat Intelligence or another development.

    ------------------------------
    Omer Berk
    ------------------------------



  • 5.  RE: SWIFT ISAC / Threat Intelligence

    Posted Thu April 04, 2019 06:17 AM
    Hello,

    We have the same issue.
    Does anyone have a solution for this problem?

    Thank you


    ------------------------------
    Steven Beck
    ------------------------------



  • 6.  RE: SWIFT ISAC / Threat Intelligence

    Posted Fri April 05, 2019 08:48 AM
    Hi Guys, 

    This is a known issue to SWIFT and IBM Qradar. It appears that Threat Intel App does not support TLS 1.2, which SWIFT and I think other TAXII feeds require. As of 1.4.3 of the app this is still an issue. 

    Happy to be corrected or if there is a work around!






  • 7.  RE: SWIFT ISAC / Threat Intelligence

    Posted Fri April 05, 2019 08:52 AM

    SWIFT also uses JWT for auth. Does the app support that?

     

    Robert Nixon CASP, CEH, CISSP, GCTI, GREM







  • 8.  RE: SWIFT ISAC / Threat Intelligence

    Posted Fri April 05, 2019 09:01 AM
    Sorry, I misspoke. It's not TLS but STIX version 1.2.

    From SWIFT: 

    Known issues
    In case you encounter issues connecting to our TAXII feed, please confirm the client used supports
    STIX 1.2.
    We are aware of incompatibility issues with IBM Qradar, Arcsight, Logrhythm and Anomali STAX.
    We are working on adding extra feeds to allow integration with these platforms as well.