IBM Security QRadar

  • 1.  MISP integration with QRadar

    Posted Thu April 21, 2022 02:52 AM
    Hi,
    I need to integrate MISP with our currently running AIO QRadar. Can you please share the steps and procedure for how this can be integrated? I have tried following the procedure available on GitHub, but unfortunately it has errors and the integration is not successful.

    ------------------------------
    Farhan Saleem
    ------------------------------


  • 2.  RE: MISP integration with QRadar

    Posted Fri April 22, 2022 03:38 AM
    This is timely, as I will be doing the same in about a month. Any guidance will be appreciated. I believe it is with the Threat Intelligence app using STIX and TAXII, but I am not sure. Please confirm for us.

    ------------------------------
    Scott Searls
    ------------------------------



  • 3.  RE: MISP integration with QRadar

    Posted Mon April 25, 2022 03:41 AM
    me2 :)

    ------------------------------
    Vladx(x)
    ------------------------------



  • 4.  RE: MISP integration with QRadar

    Posted Mon April 25, 2022 05:08 AM
    Hi Scott,

    Yes, exactly. Threat intelligence feeds are collected on STIX and TAXII, but we just want visibility into how this can be integrated, since there are multiple procedures available, such as MineMeld and installing dockers.

    We need the procedure for how MISP can be successfully integrated with QRadar.


    ------------------------------
    Farhan Saleem
    ------------------------------



  • 5.  RE: MISP integration with QRadar

    Posted Tue April 26, 2022 02:57 AM
    Hi Farhan,

    We actually tried to integrate MISP with the Threat Intelligence app but we were not satisfied with the results.
    The app in my opinion is not really usable feature-wise.

    We are now happy with a script found on GitHub (https://github.com/syloktools/MISP-QRADAR-REFERENCE-SET-BUILDER); it's pretty straightforward to implement.

    ------------------------------
    MDB
    ------------------------------



  • 6.  RE: MISP integration with QRadar

    Posted Tue April 26, 2022 03:44 AM
    Hi Matteo De Bernardin,

    Thanks for sharing the information. Can you also please let us know whether the shared scripts will create new reference sets in QRadar, or whether they are able to enrich any existing reference set?

    Thanks in advance.

    BR,
    Farhan

    ------------------------------
    Farhan Saleem
    ------------------------------