IBM QRadar SOAR

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Enhance IPVOID-IP Reputation results in Notes and Artifact Description

  • 1.  Enhance IPVOID-IP Reputation results in Notes and Artifact Description

    Posted Fri August 23, 2019 12:13 PM
    Edited by BENOIT ROSTAGNI Mon August 26, 2019 04:46 AM
    Prerequisit : have the IPVOID integration installed and configured  Link to App Exchange
    Purpose : Enhance the standard information given by this integration, wich is push the full JSON in Artifact Description
    Changes :
    • New Rule IPVOID-IP Reputation that will not show up in Action button if already launched. You can disable the previous rule from the basic installation starting with "example"
    • New Workflow IPVOID-IP Reputation with changes in post process scripts
    The result is :
    • Artifact Description:
      Artifact Description
    • Note:
      Note
    Attached is the res file you can import to adapt the IPVOID integration

    Feel free to use, adapt, make this better :)

    Building the res file:
    resilient-circuits extract --workflow "ipvoidip_reputation" --rule "IPVOID-IP Reputation" -o config_IPVOID-IP.res --zip


    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------


Related Content