IBM QRadar

Threat Intelligence not supporting STIX2.1/TAXII2?

  • 1.  Threat Intelligence not supporting STIX2.1/TAXII2?

    Posted Wed June 09, 2021 10:22 AM

    Hi there,

    I was trying to configure a TAXII server to pull the intel feeds into QRadar when I noticed that the TAXII discovery request made by the app is not compliant with the latest TAXII2 specs.

    I would like to know if there is any chance to get it done without downgrading to TAXII 1.2 (deprecated)?

    Any help would be appreciated.

    Thanks!



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Threat Intelligence not supporting STIX2.1/TAXII2?

    Posted Thu June 10, 2021 01:50 PM

    At this time, the QRadar Threat Intelligence app only supports STIX/TAXII 1.2. I know this is a change that is on the roadmap and dev is reviewing these changes now. You will likely need to use something to downgrade STIX to v1.2 for now.

    You might be able to use a slider to convert the feed or see if the feed has a 1.2 format: https://pypi.org/project/stix2-slider/

    I've asked development if there is a work item that you could be added to if you wanted to open a case, but you are going to need to use a 1.2 feed as STIX2 is not available in the Threat Intel app yet.



    #QRadar
    #Support
    #SupportMigration
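
Added example, not part of the thread and not IBM code: a Python check that shows why a TAXII 1.x style discovery request (HTTP POST with an XML body and `X-TAXII-*` headers) is not accepted by a TAXII 2.1 server, which expects a body-less GET with `Accept: application/taxii+json;version=2.1`. Both sample requests and the host name are constructed for illustration; the legacy one is not a capture of what the QRadar app sends.

```python
import re

TAXII21_MEDIA = "application/taxii+json"            # TAXII 2.1 media type
TAXII20_MEDIA = "application/vnd.oasis.taxii+json"  # TAXII 2.0 media type

def parse_request(raw):
    """Split a raw HTTP request into method, path, lower-cased headers, body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip().split("\n")
    method, path = lines[0].split()[:2]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def classify(raw):
    """Guess which TAXII generation a discovery request belongs to."""
    _, _, headers, body = parse_request(raw)
    accept = headers.get("accept", "").lower().replace(" ", "")
    if "x-taxii-content-type" in headers or "Discovery_Request" in body:
        return "taxii-1.x"
    if accept.startswith(TAXII20_MEDIA):
        return "taxii-2.0"
    if accept.startswith(TAXII21_MEDIA):
        return "taxii-2.1"
    return "unknown"

def taxii21_problems(raw):
    """List the reasons a TAXII 2.1 server would reject this discovery request."""
    method, _, headers, body = parse_request(raw)
    accept = headers.get("accept", "").lower().replace(" ", "")
    problems = []
    if method != "GET":
        problems.append("discovery must be an HTTP GET, got " + method)
    pattern = re.escape(TAXII21_MEDIA) + r"(;version=2\.1)?"
    if not any(re.fullmatch(pattern, item) for item in accept.split(",")):
        problems.append("Accept does not offer " + TAXII21_MEDIA + ";version=2.1")
    if body.strip():
        problems.append("request carries a body; TAXII 2.1 discovery has none")
    return problems

# Constructed samples (taxii.example.test is a placeholder host).
LEGACY = ("POST /taxii2/ HTTP/1.1\r\nHost: taxii.example.test\r\n"
          "Content-Type: application/xml\r\n"
          "X-TAXII-Content-Type: urn:taxii.mitre.org:message:xml:1.1\r\n\r\n"
          '<taxii_11:Discovery_Request message_id="1"/>')
MODERN = ("GET /taxii2/ HTTP/1.1\r\nHost: taxii.example.test\r\n"
          "Accept: application/taxii+json;version=2.1\r\n\r\n")
```

Running `taxii21_problems` over a request captured from the client side (for example from a proxy log) gives the list of mismatches to report in a support case.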