IBM QRadar


New: QRadar Threat Intelligence - Am I Affected anywhere

By TONY HSU posted Sun March 13, 2022 05:48 PM

  

Hi QRadar Community!

Version 2.4.0 of QRadar Threat Intelligence has just gone live, extending the Am I Affected capability to Flows. This completes the last piece of Am I Affected anywhere. It helps security operations center (SOC) analysts identify the latest threats easily by running the Am I Affected feature daily. Users can gain an understanding of zero-day activity against the environment. Users can also create rules with the knowledge powered by threat intelligence to continue monitoring any further activities happening in the environment.

Am I Affected is a threat intelligence capability that helps you to quickly determine whether your environment is affected by a threat.

QRadar Threat Intelligence supports the following threat intelligence content: the public collections from X-Force Exchange, third-party threat intelligence content via STIX/TAXII 1.x or 2.0, and the IBM Advanced Threat Protection Feed, which is designed to help us monitor and protect our environment efficiently.


Am I Affected with X-Force Exchange Public Collections: Users can click the titles to understand the details of the threats from X-Force Exchange and then click the scan now button to run the Am I Affected feature. 



Am I Affected with IBM Advanced Threat Protection Feed: Users can click the microscope button to run the Am I Affected feature.



Am I Affected with third-party feeds via STIX/TAXII: Users can click the microscope button to run the Am I Affected feature.



Users can choose to run Am I Affected against QRadar events and flows.
