QRadar XDR

  • 1.  How to push Indicators from ThreatConnect to QRadar?

    Posted Tue August 24, 2021 10:06 PM

    Hello everyone!

    I want to push indicators (IOCs) from ThreatConnect to QRadar reference sets. I made sure ThreatConnect has the QRadar Integration app installed.

    Regarding the configuration on ThreatConnect, first I created an API User and granted permissions. Then I created a new job, but when I go to the settings, as in the picture below, I don't know if the QRadar API base URI is correct (or how to find it on QRadar). Therefore, I have not been able to push any indicators to QRadar yet.

    Besides, I also don't know how to configure the QRadar side. Looking forward to your help!



    ------------------------------
    Le Hieu
    ------------------------------


  • 2.  RE: How to push Indicators from ThreatConnect to QRadar?

    Posted Wed August 25, 2021 11:30 PM
    Hi,

    I think you can try the QRadar Interactive API for Developers.

    ------------------------------
    Hung-Ting Chou
    ------------------------------



  • 3.  RE: How to push Indicators from ThreatConnect to QRadar?

    Posted Thu August 26, 2021 10:09 PM
    Hi.
    Do you have any guide with this problem?

    ------------------------------
    Le Hieu
    ------------------------------



  • 4.  RE: How to push Indicators from ThreatConnect to QRadar?

    Posted Thu August 26, 2021 08:50 AM
    The baseURL for QRadar is https://<console_ip_address>

    ------------------------------
    Kgosi Tshepo Bahula
    ------------------------------



  • 5.  RE: How to push Indicators from ThreatConnect to QRadar?

    Posted Thu August 26, 2021 10:11 PM
    Hi.
    I know the QRadar address is https://<console_ip_address>. But I don't know how to find the QRadar API base URI. It's a URI, not a URL.

    ------------------------------
    Le Hieu
    ------------------------------



  • 6.  RE: How to push Indicators from ThreatConnect to QRadar?

    Posted Thu August 26, 2021 11:02 PM
    Hello,

    You can see

    https://www.ibm.com/docs/en/qsip/7.3.3?topic=api-restful-overview

    or

    https://github.com/ibm-security-intelligence/api-samples

    ------------------------------
    Hung-Ting Chou
    ------------------------------
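
Added example, not part of any post above and not ThreatConnect or IBM code: a Python sketch that builds the HTTPS requests for loading IP indicators into a QRadar reference set through the QRadar REST API directly. Assumptions: the REST API is served under `/api` on the console address given in the thread, an authorized service token is sent in the `SEC` header, and the reference set (here the hypothetical name "TC Bad IPs") already exists with element type IP. The host name, token and indicator values are constructed placeholders.

```python
import ipaddress
import json
from urllib.parse import quote
from urllib.request import Request

# Constructed sample feed (documentation address ranges), with a duplicate,
# stray whitespace, a blank entry and one malformed value.
SAMPLE = ["192.0.2.10", " 198.51.100.7 ", "192.0.2.10", "not-an-ip", "2001:db8::1", ""]

def normalize_indicators(raw):
    """Return (valid, rejected): valid IPs canonicalised and de-duplicated in order."""
    seen, valid, rejected = set(), [], []
    for item in raw:
        value = item.strip()
        if not value:
            continue
        try:
            value = str(ipaddress.ip_address(value))
        except ValueError:
            rejected.append(value)  # keep for review instead of pushing bad data
            continue
        if value not in seen:
            seen.add(value)
            valid.append(value)
    return valid, rejected

def build_bulk_load_requests(console, set_name, token, values, chunk=1000):
    """Build one POST per chunk against reference_data/sets/bulk_load/<name>."""
    # Assumption: API root is https://<console>/api; the set name is URL-encoded.
    url = f"https://{console}/api/reference_data/sets/bulk_load/{quote(set_name, safe='')}"
    headers = {"SEC": token, "Accept": "application/json",
               "Content-Type": "application/json"}
    requests = []
    for start in range(0, len(values), chunk):
        body = json.dumps(values[start:start + chunk]).encode("utf-8")
        requests.append(Request(url, data=body, headers=headers, method="POST"))
    return requests

if __name__ == "__main__":
    valid, rejected = normalize_indicators(SAMPLE)
    # Placeholder host and token; nothing is sent, the requests are only printed.
    for req in build_bulk_load_requests("qradar.example.test", "TC Bad IPs",
                                        "PLACEHOLDER_TOKEN", valid, chunk=2):
        print(req.get_method(), req.full_url, req.data.decode())
    print("rejected:", rejected)
    # To send for real, pass each request to urllib.request.urlopen() with an
    # ssl context that trusts the console certificate; do not disable verification.
```

Keep the token in a secrets store rather than in the script, and give the authorized service only the permissions it needs.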