Hello Benjamin,
If you review the rule, for example with Use Case Manager, you'll see that a confidence value greater than 85 is set as the default.
Those values managed by X-Force are dynamic. You can review those IPs by right-clicking on the destination IP -> More Options -> Plugin Options -> X-Force Exchange Lookup. There you'll find context about the X-Force rating to adjust your individual decision on how to deal with it. It's useful context.
Regards,
Ralph
------------------------------
Ralph Belfiore
SIEM Expert
pro4bizz GmbH
Karlsruhe
+4972190981727
------------------------------
Original Message:
Sent: Mon January 16, 2023 09:56 AM
From: Benjamin Yabre
Subject: X-Force Risky IP, Spam
Hello Ralph,
Thanks,
I would like to know whether I should trust that an IP declared as SPAM by the X-Force rules is always 100% true?
Thanks
------------------------------
Benjamin Yabre
Original Message:
Sent: Mon January 16, 2023 09:47 AM
From: Ralph Belfiore
Subject: X-Force Risky IP, Spam
Hello Benjamin,
These free X-Force rules serve as an offer to identify local connections to a remote destination that are classified as spam hosts according to X-Force. This can ultimately help to question your own risk assessment in relation to the local address that establishes this connection.
Regards,
Ralph
------------------------------
Original Message:
Sent: Thu January 12, 2023 08:58 AM
From: Benjamin Yabre
Subject: X-Force Risky IP, Spam
Hello,
I am a bit confused by the X-Force Risky IP, Spam detection rule.
I would like to know whether all those detected IPs should be blocked, or whether I should just pay attention to them?
Thanks
------------------------------
Benjamin Yabre
------------------------------