IBM Security QRadar SOAR

Enhance Query TOR Network results in Notes and Artifact Description

    Posted Fri August 23, 2019 12:48 PM
    Edited by BENOIT ROSTAGNI Mon August 26, 2019 04:44 AM
    Prerequisite: have the Query TOR Network integration installed and configured (Link to App Exchange)
    Purpose: Enhance the standard information given by this integration
    Changes:
    • New Rule TOR Network Search that will not show up in the Action button if already launched. You can disable the previous rule from the basic installation starting with "example"
    • New Workflow TOR Network Search Reputation with changes in the post-process scripts
    The result is:
    • Artifact Description
    • Note
    Attached is the res file you can import to adapt the Query TOR Network integration.

    Feel free to use, adapt, make this better :)

    Building the res file:
    resilient-circuits extract --workflow "query_tor_network" --rule "TOR Network Search" -o config_TOR.res --zip

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------

    Attachment(s): config_TOR.res.zip (8 KB, 1 version)