Hello Experts,
I am trying to integrate the IBM X-Force threat feed into my QRadar using the TAXII endpoint URL
https://api.xforce.ibmcloud.com/taxii. I was able to connect successfully to the TAXII server, but my observables, as well as the reference set created, remained 0.
Troubleshooting performed:
* /opt/qradar/support/recon connect <id_threat app>
* tailf /store/log/app.log --> I could see that the number of observables returned from the above TAXII server is 0.
* I checked the collections "Phishing & Spam", "Wcry Ransomeware", and I could see different observable types, like URL, IPs, hash, etc.
I have chosen a polling initial date of 3 months, now. Also, I have used polling intervals of 10 mins, 1 hour, etc.
Kindly assist.
------------------------------
benlinux
------------------------------