IBM Security QRadar SOAR


Plugin "X-Force Collections for Resilient" brings no results


  • 1.  Plugin "X-Force Collections for Resilient" brings no results

    Posted Wed July 08, 2020 09:08 PM
    After installing the "X-Force Collections for Resilient" plugin, I performed some tests using IPs with bad reputation on X-Force and the queries didn't bring any results.

    The researched IP was 198.54.117.198.

    Follow the images below:


    ------------------------------
    Vítor Fagundes Alves Nogueira
    ------------------------------


  • 2.  RE: Plugin "X-Force Collections for Resilient" brings no results

    Posted Tue July 14, 2020 10:51 AM
    Edited by Sean OGorman Wed July 15, 2020 02:38 AM


  • 3.  RE: Plugin "X-Force Collections for Resilient" brings no results

    Posted Tue July 14, 2020 11:08 AM
    Edited by Brian Reid Wed July 15, 2020 10:27 AM


  • 4.  RE: Plugin "X-Force Collections for Resilient" brings no results

    Posted Tue July 14, 2020 11:08 AM
    Edited by Brian Reid Fri July 17, 2020 04:14 PM
    Hello Vitor,

    Thank you for your submission. Currently, we only support querying X-Force casefiles/collections by a query string or collection ID. We do not support the IP reputation feature within X-Force at this time. You can mimic your query by searching for the target IP within collections here and should see that no results are returned. Try adding a string artifact to your incident with something like "facebook" and re-trigger the rule to see results come back.

    If you have ideas for how we can make the X-Force integration better, please let us know through an RFE. Let us know if you have any other questions.

    Apologies for the above empty replies. The community forum was acting up a bit yesterday.

    Edit: RFEs should be submitted through Aha.

    Thank you,
    Brian

    ------------------------------
    Brian Reid
    ------------------------------