IBM QRadar SOAR

  • 1.  integration between SOAR and crowdstrike threat intelligence

    Posted Thu August 19, 2021 10:03 PM

    Dears,
    What are the steps to integrate SOAR 42 and CrowdStrike threat intelligence?



    ------------------------------
    M Ramadan
    ------------------------------


  • 2.  RE: integration between SOAR and crowdstrike threat intelligence

    Posted Fri August 20, 2021 11:42 AM
    Hi M Ramadan

    Is it the CrowdStrike Falcon Insight and Threat Intel that you would like to install and run on SOAR v42?
    If so, you can download that integration from the IBM App Exchange here
    Hopefully that link works for you.

    Let me know if there is more information you need.

    AnnMarie

    ------------------------------
    AnnMarie Norcross
    ------------------------------



  • 3.  RE: integration between SOAR and crowdstrike threat intelligence

    Posted Fri August 20, 2021 02:55 PM
    Thanks AnnMarie

    ------------------------------
    M Ramadan
    ------------------------------



  • 4.  RE: integration between SOAR and crowdstrike threat intelligence

    Posted Sun August 22, 2021 05:05 PM
    Hi AnnMarie Norcross,
    To use this app, should I buy it, or can I use it without paying money?

    Thanks



    ------------------------------
    M Ramadan
    ------------------------------



  • 5.  RE: integration between SOAR and crowdstrike threat intelligence

    Posted Mon August 23, 2021 05:38 AM

    All Apps are free.

    What may cost is the target tool (like CrowdStrike) that you need to pay for :)



    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------



  • 6.  RE: integration between SOAR and crowdstrike threat intelligence

    Posted Mon January 29, 2024 11:33 AM

    I have an integration issue between IBM SOAR (v49) and CrowdStrike Falcon:

    The location: /var/crowdstrike is not writable for the current user. Please change dynamic_data_store in app.config to a writable directory

    even though this file is writable by all,

    and in their documentation they put:

    # Location to save the status of polling (Detection offset).
    # The location should exist and should be writable for the current user, otherwise the extension will use the default_detection_offset and show a warning.
    # User can change the location to the directory where the current user has writable access. Note that this is not supported with an App Host.
    dynamic_data_store=/var/rescircuits

    Any idea?



    ------------------------------
    Hazzaa Alotaibi
    ------------------------------
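
The documentation quoted in the last post requires the `dynamic_data_store` location to exist and be writable for the current user. The following is an added diagnostic example, not code from the thread, IBM or the CrowdStrike app: it reads that key from config text and attempts a real write as the user running the script. The function names, the section name in the sample and the sample config itself are constructed for illustration; run it as the same account that runs the integration.

```python
import os
import tempfile

# Constructed sample; the section name is hypothetical, the key is from the post.
SAMPLE_CONFIG = """\
[hypothetical_section]
# dynamic_data_store=/var/old
dynamic_data_store=/var/rescircuits
"""

def read_data_store(config_text):
    """Return the last uncommented dynamic_data_store value, or None."""
    value = None
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == "dynamic_data_store":
            value = val.strip()
    return value

def check_data_store(path):
    """Return (ok, reason): can the current process user create files in path?"""
    if not path:
        return False, "dynamic_data_store is not set"
    if not os.path.exists(path):
        # Also reported when a parent directory cannot be traversed.
        return False, "path does not exist or is not reachable"
    if not os.path.isdir(path):
        return False, "path is not a directory"
    try:
        # A real write attempt also catches read-only mounts, ACLs and
        # mandatory access control, which the mode bits do not show.
        with tempfile.NamedTemporaryFile(dir=path):
            pass
    except OSError as exc:
        return False, "write failed: %s" % exc.strerror
    return True, "writable by uid %d" % os.geteuid()

if __name__ == "__main__":
    store = read_data_store(SAMPLE_CONFIG)
    print(store, check_data_store(store))
```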