Hi Farhan,
We actually tried to integrate MISP with the Threat Intelligence app but we were not satisfied with the results.
The app in my opinion is not really usable feature-wise.
We are now happy with a script found on GitHub (https://github.com/syloktools/MISP-QRADAR-REFERENCE-SET-BUILDER); it's pretty straightforward to implement.
------------------------------
MDB
------------------------------
Original Message:
Sent: Mon April 25, 2022 05:08 AM
From: Farhan Saleem
Subject: MISP integration with QRadar
Hi Scott,
Yes, exactly, threat intelligence feeds are collected on STIX, TAXII, but we just want to have visibility into how this can be integrated, since there are multiple procedures available, such as MineMeld and installing dockers.
We need to have the procedure for how MISP can be successfully integrated with QRadar.
------------------------------
Farhan Saleem
Original Message:
Sent: Fri April 22, 2022 03:37 AM
From: Scott Searls
Subject: MISP integration with QRadar
This is timely, as I will be doing the same in about a month. Any guidance to us will be appreciated. I believe it is with the Threat Intelligence app using STIX and TAXII, but I am not sure. Please confirm for us.
------------------------------
Scott Searls
Original Message:
Sent: Thu April 21, 2022 02:51 AM
From: Farhan Saleem
Subject: MISP integration with QRadar
Hi,
I need to integrate MISP with a currently running AIO QRadar. Can you please share the steps and procedure for how this can be integrated? I have tried following the procedure available on GitHub, but unfortunately that is having errors and the integration is not successful.
------------------------------
Farhan Saleem
------------------------------