IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
Hello,
I installed the Security Threat Monitoring Content Extension to get the free TI feeds from IBM as described in https://www.ibm.com/docs/en/qradar-on-cloud?topic=integration-qradar-security-threat-monitoring-content-extension
It's a onPrem install with limited internet access. If I look at the XFE reference sets, they are all empty. So my question is, which are the correct lists that are updated daily and how is the update process working? (auto updates or need to set up proxy elsewhere?)
Thank you
Stefan
Hi Stefan,
As I understand so far, these xfe atpf reference sets are only used via an advanced threat protection feed. It is available as a 30-day test trial or licensed according to your quantity needed. Pricing is certainly available through your IBM techsales contact. The other option is the public free feeds. They can be connected via Taxxii feed configuration. Details here: https://www.ibm.com/docs/en/qradar-common?topic=tif-adding-threat-intelligence-feeds
Regards,
Ralph
Hello Stefan,
Also go through below link which will answer your query related to configuring thread feed using proxy :
https://www.ibm.com/support/pages/qradar-x-force-frequently-asked-questions-faq
Vishal