Anthony, it was a good point to reference MISP, as it is probably regarded as an unofficial "standard" threat info sharing platform for CSIRTs. I avoided mentioning it for the very reason of the lack of a widely used or officially published extension for integration with QRadar (there is something available on X-Force App Exchange for integration with IBM Resilient, however). I've seen a few related projects on GitHub, but have had no opportunity to test them, though.
------------------------------
Dusan VIDOVIC
------------------------------
Original Message:
Sent: Mon July 29, 2019 03:31 PM
From: Anthony Gayadeen
Subject: Polling Threat Feeds other than X force in Qradar
Hi Sundeep,
here's another feed you might want to consider.
https://www.misp-project.org/
We have developed an app that gets the feed and pushes it to Qradar via the API. It's now in the lab, and we'll be installing it shortly in production. I'm not sure if our code will be released for free usage. That depends on my employer; I'll keep the community posted. Anyway, it's not too much work to build if you want to do it on your own, and it's well documented in the Qradar API development section.
If anyone has more threat feeds, please post them here.
------------------------------
Anthony Gayadeen, Videotron Ltd
Montreal QC
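To illustrate the kind of feed-to-QRadar push Anthony describes, here is an added example; it is not Videotron's app or any IBM-provided code. It assumes a MISP-style CSV attribute export (the column set and the sample rows are constructed), maps attribute types to hypothetical reference-set names, and builds requests for QRadar's reference-set bulk-load endpoint (`POST /api/reference_data/sets/bulk_load/{name}`, authenticated with an authorized-service token in the `SEC` header). The console hostname, token and API version are placeholders.

```python
"""Added example: normalize MISP-style indicators and prepare QRadar
reference-set bulk loads. Not the poster's app; names and feed layout are assumptions."""
import csv
import io
import ipaddress
import json
import urllib.request
from typing import Dict, List

# Hypothetical mapping of MISP attribute types to QRadar reference-set names.
TYPE_TO_SET = {
    "ip-dst": "misp_ip_indicators",
    "ip-src": "misp_ip_indicators",
    "domain": "misp_domain_indicators",
    "hostname": "misp_domain_indicators",
    "md5": "misp_hash_indicators",
    "sha256": "misp_hash_indicators",
}

# Constructed sample resembling a MISP CSV export (RFC 5737 test addresses,
# example.com names, the MD5 of the empty string). Includes a duplicate,
# a malformed IP, an unsupported type and an attribute not flagged to_ids.
SAMPLE_FEED = """uuid,event_id,category,type,value,comment,to_ids,date
a1,1,Network activity,ip-dst,203.0.113.10,,1,1564358400
a2,1,Network activity,ip-dst,203.0.113.10,,1,1564358400
a3,1,Network activity,domain,Malicious.Example.com,,1,1564358400
a4,1,Network activity,ip-src,not-an-ip,,1,1564358400
a5,1,Payload delivery,md5,d41d8cd98f00b204e9800998ecf8427e,,1,1564358400
a6,2,Network activity,url,http://example.com/x,,1,1564358400
a7,2,Network activity,ip-dst,198.51.100.7,,0,1564358400
"""


def parse_misp_csv(text: str) -> Dict[str, List[str]]:
    """Group indicator values by target reference set.

    Drops attribute types we have no set for, attributes the analyst did not
    mark to_ids (not detection-grade), malformed IP addresses and duplicates,
    so that bad feed data never lands in the SIEM's matching sets.
    """
    sets: Dict[str, List[str]] = {}
    seen = set()
    for row in csv.DictReader(io.StringIO(text)):
        if row.get("to_ids") != "1":
            continue
        set_name = TYPE_TO_SET.get(row["type"])
        if set_name is None:
            continue
        value = row["value"].strip()
        if row["type"].startswith("ip-"):
            try:
                value = str(ipaddress.ip_address(value))  # canonical form, rejects junk
            except ValueError:
                continue
        else:
            value = value.lower()  # domains and hashes compare case-insensitively
        if (set_name, value) in seen:
            continue
        seen.add((set_name, value))
        sets.setdefault(set_name, []).append(value)
    return sets


def build_bulk_load_requests(console: str, token: str,
                             sets: Dict[str, List[str]],
                             api_version: str = "10.0") -> List[dict]:
    """One bulk-load request per reference set. The set must already exist
    on the console; the Version header pins the API version (assumed value)."""
    reqs = []
    for name, values in sets.items():
        reqs.append({
            "method": "POST",
            "url": f"https://{console}/api/reference_data/sets/bulk_load/{name}",
            "headers": {
                "SEC": token,
                "Version": api_version,
                "Content-Type": "application/json",
                "Accept": "application/json",
            },
            "body": json.dumps(values),
        })
    return reqs


def send(req: dict) -> int:
    """Submit one prepared request; returns the HTTP status. Not run offline."""
    r = urllib.request.Request(req["url"], data=req["body"].encode(),
                               headers=req["headers"], method=req["method"])
    with urllib.request.urlopen(r, timeout=30) as resp:
        return resp.status


if __name__ == "__main__":
    # Placeholders: replace with the console hostname and an authorized-service token.
    for r in build_bulk_load_requests("qradar.example.internal", "PLACEHOLDER_TOKEN",
                                      parse_misp_csv(SAMPLE_FEED)):
        print(r["method"], r["url"], r["body"])
```

The validation step is the part worth keeping whatever feed is used: a reference set that receives a malformed or duplicated value silently degrades the rules that match against it, and dedup on the client side also keeps the bulk-load bodies small. Only the `send` function touches the network, so the parsing and request assembly can be unit-tested without a console.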
Original Message:
Sent: Mon July 29, 2019 02:23 PM
From: sundeep singh
Subject: Polling Threat Feeds other than X force in Qradar
Hello Dusan,
I have a virus total API key already which I am looking to integrate with Qradar.
Also I have this GitHub link https://stixproject.github.io/supporters/ but I am not getting any STIX link to integrate it.
In case you have any link which you integrated with your setup, please share the same.
------------------------------
sundeep singh
Original Message:
Sent: Mon July 29, 2019 04:52 AM
From: Dusan VIDOVIC
Subject: Polling Threat Feeds other than X force in Qradar
QRadar Threat Intelligence app supports STIX 1.1.1 / TAXII 1.1 (no v. 2 unfortunately) <http://ibm.biz/BdzGHQ>
What other types of integration did you have in mind? Generally, you could use the standard API <ibm.biz/BdzGHk>
------------------------------
Dusan VIDOVIC
Original Message:
Sent: Thu July 25, 2019 06:22 PM
From: sundeep singh
Subject: Polling Threat Feeds other than X force in Qradar
Hello Team,
I have configured the TAXII threat data below to be polled in Qradar.
http://hailataxii.com/taxii-discovery-service
https://api.xforce.ibmcloud.com/taxii
https://otx.alienvault.com/taxii/discovery
Looking forward to integrating more threat feeds like VirusTotal or any other open source feeds on a TAXII or API basis to integrate with Qradar. Is there a way that we can achieve having other threat intel data ingested into Qradar other than the X-Force app?
In case anyone has more open source discovery threat feed URLs, please share them with me.
------------------------------
sundeep singh
------------------------------