IBM QRadar

XFE collection to import suspicious hashes

  • 1.  XFE collection to import suspicious hashes

    Posted Fri December 11, 2020 10:15 AM

    Greetings

    I am using QRadar Threat Intelligence to import suspicious file hashes into a reference set.

    I have configured a Threat Feed where the Collection is "XFE default feed", the observable type is "File Hash" and the Polling Initial date is 1 month. I noticed that the total signatures received are 0.

    Please can anybody advise what the best config is to retrieve a list of suspicious file hashes from IBM X-Force?

    I am running Sysmon and I need to check the event hashes against suspicious hashes within reference sets.



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: XFE collection to import suspicious hashes

    Posted Wed December 16, 2020 05:18 AM

    I would confirm in the poll.log file if there is further information available. You should be able to look at poll.log and see what the app is attempting to receive and related errors. There is a support article on how to connect to the application container and view logs here: https://www.ibm.com/support/pages/qradar-review-logs-applications-errors

    If you continue to experience issues, you could get someone in QRadar Support to review your configuration. However, I would start with the poll.log.



    #QRadar
    #Support
    #SupportMigration
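
For the goal stated in the original question (checking Sysmon event hashes against a list of suspicious hashes), the matching step can be sketched as follows. This is an added example, not code from the thread or from QRadar: it assumes Sysmon's `Hashes` field format (`ALGO=HEX,ALGO=HEX,...`), and the function names, the sample event and the in-memory set standing in for the reference set are all constructed.

```python
import hashlib

# Expected hex digest lengths; used to reject malformed or truncated values.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "IMPHASH": 32}
HEX_CHARS = set("0123456789abcdef")


def parse_sysmon_hashes(field):
    """Split a Sysmon 'Hashes' value into {ALGO: lowercase hex digest}."""
    parsed = {}
    for part in field.split(","):
        algo, sep, value = part.strip().partition("=")
        algo, value = algo.upper(), value.strip().lower()
        if not sep or len(value) != HEX_LEN.get(algo, -1):
            continue  # unknown algorithm or wrong digest length
        if not set(value) <= HEX_CHARS:
            continue  # not a hex string
        parsed[algo] = value
    return parsed


def match_event(field, suspicious):
    """Return sorted (algo, digest) pairs from the event that are in the set."""
    # Sysmon logs upper-case hex while feeds are often lower-case, so both
    # sides are normalised before comparison.
    wanted = {h.strip().lower() for h in suspicious}
    return sorted(
        (algo, digest)
        for algo, digest in parse_sysmon_hashes(field).items()
        # IMPHASH is an import-table hash, not a file hash, so it is not
        # compared against a file-hash feed.
        if algo != "IMPHASH" and digest in wanted
    )


# Constructed sample data: digests of a made-up byte string.
SAMPLE = b"constructed sample file contents"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE).hexdigest()
SUSPICIOUS = {SAMPLE_SHA256}  # stands in for the reference set contents
EVENT_HASHES = "MD5=%s,SHA256=%s,IMPHASH=%s" % (
    hashlib.md5(SAMPLE).hexdigest().upper(),
    SAMPLE_SHA256.upper(),
    "0" * 32,
)

if __name__ == "__main__":
    print(match_event(EVENT_HASHES, SUSPICIOUS))
```

A reference set that holds only one hash type will only ever match the corresponding part of the `Hashes` field, so the feed's hash algorithm and the Sysmon `HashAlgorithms` configuration need to overlap.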