IBM Security QRadar SOAR

 View Only
  • 1.  Add IP ranges in artifact

    Posted Thu March 31, 2022 10:55 AM

    Hello,

    We would like to know how can we add IP ranges to global artifacts and also we want to know how IP ranges are handled, please. 

    Thank you for your help.






    ------------------------------
    Mohamed LOUCIF-ext
    ------------------------------


  • 2.  RE: Add IP ranges in artifact

    Posted Fri April 01, 2022 02:59 AM
    There is a built-in artifact type "Network CIDR Range" that can be used, but not supported for threat source scan. It is handled as string value.

    ------------------------------
    Leo Kuo
    ------------------------------



  • 3.  RE: Add IP ranges in artifact

    Posted Tue April 12, 2022 10:40 AM
    Edited by Mohamed LOUCIF-ext Tue April 12, 2022 10:41 AM
    Thank you very much @Leo Kuo for the answer.

    That's work but there is something we don't understand please, how to relate ​an "IP Address" artifact to a "Network CIDR Range" ?
    For example, if we have a Network CIDR Range as a Global Artifact and an IP Address artifact included in this range on an incident, for now, they seem to be not related. 




    ------------------------------
    Mohamed LOUCIF-ext
    ------------------------------



  • 4.  RE: Add IP ranges in artifact

    Posted Tue April 12, 2022 10:29 PM
    given it is handled as string value, the relate incident connection would be built only with exact matching string. At this moment there is no manual way to relate incidents have 2 different artifacts.

    ------------------------------
    Leo Kuo
    ------------------------------