IBM Security QRadar SOAR

hi,

about QRadar's integration with Resilient, I have two doubts.

1) Can I send to Resilient the subnet or network hierarchy that the IP (which was sent as an artifact) is part of?

2) I noticed that within Resilient I can add content to Qradar reference sets, but can I manipulate the reference sets? such as a function or workflow to apply to the entire reference set.

------------------------------
Vítor Fagundes Alves Nogueira
------------------------------

Hello,

1. The Qradar Resilient plugin can be used to escalate offenses from Qradar to Resilient. All source and destination addressed associated with the offense can be added as an artifact to an incident. You should modify the escalation template to include all IOC's that are associated with the offense. If you can elaborate more on "network hierarchy" I can provide more insight on how to do this. 

2. The Qradar Resilient Functions for Resilient Integration can be used to manipulate Qradar Reference sets. The function currently lets you add, delete, or find items in a reference set. The function can also execute ariel queries over Qradar events for additional incident enrichment. The function currently comes with 4 workflows to execute these actions

Please look at the link below for additional information on the integrations.
https://exchange.xforce.ibmcloud.com/hub/?br=Resilient&q=qradar

------------------------------
Edgar Johnson
------------------------------

Original Message:
Sent: Wed July 01, 2020 02:28 PM
From: Vítor Fagundes Alves Nogueira
Subject: Doubts about the integration between qradar and resilient

hi,

about QRadar's integration with Resilient, I have two doubts.

1) Can I send to Resilient the subnet or network hierarchy that the IP (which was sent as an artifact) is part of?

2) I noticed that within Resilient I can add content to Qradar reference sets, but can I manipulate the reference sets? such as a function or workflow to apply to the entire reference set.

------------------------------
Vítor Fagundes Alves Nogueira
------------------------------

Can you show me how i send IP:port as an artifact for the resilient through qradar?

------------------------------
Vítor Fagundes Alves Nogueira
------------------------------

Original Message:
Sent: Wed July 01, 2020 03:04 PM
From: Edgar Johnson
Subject: Doubts about the integration between qradar and resilient

Hello,

1. The Qradar Resilient plugin can be used to escalate offenses from Qradar to Resilient. All source and destination addressed associated with the offense can be added as an artifact to an incident. You should modify the escalation template to include all IOC's that are associated with the offense. If you can elaborate more on "network hierarchy" I can provide more insight on how to do this. 

2. The Qradar Resilient Functions for Resilient Integration can be used to manipulate Qradar Reference sets. The function currently lets you add, delete, or find items in a reference set. The function can also execute ariel queries over Qradar events for additional incident enrichment. The function currently comes with 4 workflows to execute these actions

Please look at the link below for additional information on the integrations.
https://exchange.xforce.ibmcloud.com/hub/?br=Resilient&q=qradar

------------------------------
Edgar Johnson

Original Message:
Sent: Wed July 01, 2020 02:28 PM
From: Vítor Fagundes Alves Nogueira
Subject: Doubts about the integration between qradar and resilient

hi,

about QRadar's integration with Resilient, I have two doubts.

1) Can I send to Resilient the subnet or network hierarchy that the IP (which was sent as an artifact) is part of?

2) I noticed that within Resilient I can add content to Qradar reference sets, but can I manipulate the reference sets? such as a function or workflow to apply to the entire reference set.

------------------------------
Vítor Fagundes Alves Nogueira
------------------------------

Can anyone help me with this?

------------------------------
Vítor Fagundes Alves Nogueira
------------------------------

Original Message:
Sent: Fri July 03, 2020 05:11 PM
From: Vítor Fagundes Alves Nogueira
Subject: Doubts about the integration between qradar and resilient

Can you show me how i send IP:port as an artifact for the resilient through qradar?

------------------------------
Vítor Fagundes Alves Nogueira

Original Message:
Sent: Wed July 01, 2020 03:04 PM
From: Edgar Johnson
Subject: Doubts about the integration between qradar and resilient

Hello,

1. The Qradar Resilient plugin can be used to escalate offenses from Qradar to Resilient. All source and destination addressed associated with the offense can be added as an artifact to an incident. You should modify the escalation template to include all IOC's that are associated with the offense. If you can elaborate more on "network hierarchy" I can provide more insight on how to do this. 

2. The Qradar Resilient Functions for Resilient Integration can be used to manipulate Qradar Reference sets. The function currently lets you add, delete, or find items in a reference set. The function can also execute ariel queries over Qradar events for additional incident enrichment. The function currently comes with 4 workflows to execute these actions

Please look at the link below for additional information on the integrations.
https://exchange.xforce.ibmcloud.com/hub/?br=Resilient&q=qradar

------------------------------
Edgar Johnson

Original Message:
Sent: Wed July 01, 2020 02:28 PM
From: Vítor Fagundes Alves Nogueira
Subject: Doubts about the integration between qradar and resilient

hi,

about QRadar's integration with Resilient, I have two doubts.

1) Can I send to Resilient the subnet or network hierarchy that the IP (which was sent as an artifact) is part of?

2) I noticed that within Resilient I can add content to Qradar reference sets, but can I manipulate the reference sets? such as a function or workflow to apply to the entire reference set.

------------------------------
Vítor Fagundes Alves Nogueira
------------------------------