IBM Security QRadar

  • 1.  custom action script block a traffic on firewall

    Posted Wed December 04, 2019 05:43 AM
    Would like to know if anyone has done similar. I want QRadar to connect to the firewall over API and tell the firewall to drop that traffic.

    We use Cisco Firepower Management Center (FMC), which supports API access to the firewall. Can a QRadar custom action call the API, pass the destination IP value to the firewall and drop traffic?

    ------------------------------
    s 3k
    ------------------------------


  • 2.  RE: custom action script block a traffic on firewall

    Posted Thu December 05, 2019 03:23 AM
    Hi @s 3k,

    I have not done it in my environment yet, but it should be possible. QRadar can pass source IP and dest IP in the API calls.

    ------------------------------
    Chinmay Kulkarni
    ------------------------------



  • 3.  RE: custom action script block a traffic on firewall

    Posted Thu December 05, 2019 05:51 AM
    Thanks Chinmay.
    Any others experienced in implementing a solution? I look for hints on how it was orchestrated. I would like to know whether (and how) QRadar passes source IP | dest IP and invokes the firewall API, if at all it's possible.


    ------------------------------
    s 3k
    ------------------------------
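
An added sketch of the custom action script discussed in posts 2 and 3 (not code from any poster, IBM or Cisco): it validates the IP it receives before building the FMC request, so a malformed or protected address never reaches the firewall. Assumptions: the custom action is configured to pass the destination IP as the script's first argument; the FMC hostname, domain UUID, token, object name and protected ranges are constructed placeholders; the host-object path and token header should be checked against your FMC version's API explorer.

```python
#!/usr/bin/env python3
"""Custom action sketch: validate the IP argument, then build an FMC host-object request."""
import ipaddress
import json
import sys
import urllib.request

# Constructed placeholders (assumptions, not values from the thread).
FMC = "https://fmc.example.internal"
DOMAIN_UUID = "DOMAIN-UUID-PLACEHOLDER"
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.53/32")]

def parse_target(argv):
    """Return the IP to block from the script arguments, or raise ValueError."""
    if len(argv) != 2:
        raise ValueError("expected exactly one argument: the destination IP")
    ip = ipaddress.ip_address(argv[1].strip())  # rejects anything but a literal IP
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified or ip.is_link_local:
        raise ValueError(f"{ip} is not a blockable unicast address")
    if any(ip in net for net in NEVER_BLOCK if net.version == ip.version):
        raise ValueError(f"{ip} is in a protected range")
    return ip

def build_request(ip, token):
    """Build (but do not send) the POST that creates a host object for the IP."""
    body = {"type": "Host", "name": f"qradar-block-{ip}".replace(":", "_"), "value": str(ip)}
    return urllib.request.Request(
        f"{FMC}/api/fmc_config/v1/domain/{DOMAIN_UUID}/object/hosts",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "X-auth-access-token": token})

if __name__ == "__main__":
    try:
        target = parse_target(sys.argv)
    except ValueError as err:
        sys.exit(f"refusing to act: {err}")  # non-zero exit marks the action as failed
    req = build_request(target, token="TOKEN-PLACEHOLDER")
    # Dry run: print the request instead of sending it.
    print(req.get_method(), req.full_url, req.data.decode())
```

A host object on its own does not drop traffic: it has to be referenced by a block rule (for example through a network group) and the policy deployed.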