List of Contributions
Brian Reid
This individual is no longer active. Application functionality related to this individual is limited.
1 to 17 of 17 total
search criteria =
ALL
RE: Splunk ADD-ON [Event_ID field not mapped]
Posted By
Brian Reid
Mon March 15, 2021 12:14 PM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Omar, Great! I'm glad to hear you are up and running. I can provide some information on your additional questions as well: 1. You can map anything you want, provided the token ($result.example_value$) returns a value and the desired field in Resilient exists. For example, it's common to map ...
RE: Splunk ADD-ON [Event_ID field not mapped]
Posted By
Brian Reid
Wed March 10, 2021 10:35 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Omar, Thank you for your question. First things first, please make sure you have all the proper configurations in place to map the Notable Event ID to a Resilient incident (you are using Splunk ES, the custom field is created in Resilient, etc). If your configuration is good, the next thing ...
RE: Using ODBC QUERY APP with Oracle DB
Posted By
Brian Reid
Tue March 09, 2021 04:12 PM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Nick, I sincerely apologize for the delay here. Hopefully I can help provide the information you need and/or set you in the right direction. You are correct that OracleDB is not supported out-of-the-box with the ODBC Query app. However, it is possible to configure. The ODBC query app depends ...
RE: fn MISP attribute tag
Posted By
Brian Reid
Wed December 02, 2020 09:26 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hi David, Thank you so much for the information here. We really appreciate it. I've updated the bug ticket with the steps to reproduce so we'll have an easier time working with this. Got it - I see the difference now. Since fn_misp is a community app, I'm not sure how much development effort will ...
RE: fn MISP attribute tag
Posted By
Brian Reid
Tue December 01, 2020 10:46 AM
Found In
Egroup:
IBM Security QRadar SOAR
Also - could you provide steps to reproduce this bug? - Brian ------------------------------ Brian Reid ------------------------------
RE: fn MISP attribute tag
Posted By
Brian Reid
Tue December 01, 2020 10:42 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hi David, Great, thank you - just wanted to confirm you were on a recent version of the platform and on the latest fn_misp. We don't have a process in place to merge pull requests directly into the resilient-community-apps repo, but what I can do is create a ticket internally for this bug and link ...
RE: fn MISP attribute tag
Posted By
Brian Reid
Tue December 01, 2020 07:56 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hello David, Thank you for bringing this to our attention. Could you please confirm what version of Resilient and what version of fn_misp you are using? Also, are you running fn_misp on an integration server or an app host? Thank you, Brian ------------------------------ Brian Reid ----- ...
RE: Resilient-QRadar integration questions
Posted By
Brian Reid
Wed November 18, 2020 10:49 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Adam, As a follow-on to Ihor's response, the QRadar-Resilient integration can be found here. The documentation can be downloaded from that page under the "Additional Information" section on the lower right-hand side. If you have any outstanding questions that our responses or the docs fail to ...
RE: Resilient workflows not executing in order specified
Posted By
Brian Reid
Wed November 18, 2020 09:17 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Akhilesh, Could you possibly clarify the issue a little bit for me? I understand that you have a SHA 1 Malware Hash that is added to Resilient as an Artifact after results from a QRadar Ariel query are received. I also understand that once the Artifact is added, the system makes an API ...
RE: Webhooks with Resilient
Posted By
Brian Reid
Wed November 18, 2020 09:07 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Zohra, One approach would be the rc-webserver component, part of resilient-circuits. https://github.com/ibmresilient/resilient-python-api/tree/master/rc-webserver Best wishes, Brian ------------------------------ Brian Reid ------------------------------
RE: Resilient App Host connections
Posted By
Brian Reid
Wed November 18, 2020 08:53 AM
Found In
Egroup:
IBM Security QRadar SOAR
You're welcome, Adam. Perhaps you caught my typo, but the outbound ports should be 65000/65001. I added an extra zero in my previous reply. ------------------------------ Brian Reid ------------------------------
RE: Resilient App Host connections
Posted By
Brian Reid
Tue November 17, 2020 10:36 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Adam, Thank you for your question. This actually looks like a minor mistake in the documentation. I just raised the issue with the team and we are working to correct it. Ports 6443, 10250, and 8472 do not need to be accessible outside of the appliance itself. Port 22 should be inbound ...
RE: Splunk 7.3.3 and Splunk ES 5.1 Integration Compatibility
Posted By
Brian Reid
Mon November 16, 2020 09:35 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Ahmed, You are correct, the 1.1.0 version of the Resilient Addon for Splunk that we release has only been tested on Splunk 8. There were a lot of fixes that went into that version, so if you are planning to upgrade to Splunk 8 I would highly recommend that you go to 1.1 of our addon as well. ...
RE: Resilient Integration for Splunk and Splunk ES
Posted By
Brian Reid
Thu November 12, 2020 10:23 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Ayush, I apologize for the delay. Unfortunately, the error that you are seeing is a very general message that Splunk displays through the UI anytime something goes wrong when you are trying to configure the Resilient Add-on. It oftentimes can be very misleading! The real detail will be in the ...
RE: URLScan.io no report
Posted By
Brian Reid
Fri July 17, 2020 09:50 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hi Adam, What version of fn_urlscanio are you using? URLScan.io does not update the artifact description by default. The python code creates an attachment on the incident. If you want, you could utilize the results object in the post-processing script to update the incident description. You could ...
RE: Plugin "X-Force Collections for Resilient" brings no results
Posted By
Brian Reid
Tue July 14, 2020 11:08 AM
Found In
Egroup:
IBM Security QRadar SOAR
Hello Vitor, Thank you for your submission. Currently, we only support querying X-Force casefiles/collections by a query string or collection ID. We do not support the IP reputation feature within X-Force at this time. You can mimic your query by searching for the target IP within collections here ...