IBM Qradar

IBM QRadar

Overview

IBM® QRadar® is a SIEM platform that provides situational awareness and compliance support. QRadar uses a combination of flow-based network knowledge, security event correlation, and asset-based vulnerability assessment.

Integration Benefits

This integrations will allow to automatically crosscheck all the log sources already onboarded into QRadar against Maltiverse Threat Intelligence feeds for IP, Hostnames, URL’s and file Hashes related fields. That will automatically trigger new alerts pointing out to possible Security Incidents

It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers.

Reference Set Mapping

In order to configure Maltiverse Feeds into QRadar Threat Intelligence APP it is needed to map each maltiverse feed with a reference set and then create a Rule to generate offenses whenever there is a match. The following table relates the most relevant Collections with a recommendation of a reference set to map with and an explanation of the rule logic:

Collection (Maltiverse Feed)	Observable Type	Reference Set	Rule Logic
Command and Controls	IPv4 Address	Botnet C&C IPs	when any of Destination IP are contained in any of Botnet C&C IPs
Command and Controls	Domain Name	Malware Hostnames	when any of Domain are contained in any of Malware Hostnames
Malware Distribution	IPv4 Address	Malware IPs	when any of Destination IP are contained in any of Malware IPs
Malware Distribution	Domain Name	Malware Hostnames	when any of Domain are contained in any of Malware Hostnames
Malware Distribution	URL	Malware URLs	when any of Request URL are contained in any of Malware URLs
Malware	File Hash	Malware Hashes SHA	when any of File Hash are contained in any of Malware Hashes SHA
Phishing	URL	Phishing URLs	when any of Request URL are contained in any of Phishing URLs
Malicious URLs	URL	Malicious URLs	when any of Request URL are contained in any of Malicious URLs

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Elastic Security

D3 Security

IBM QRadar

Overview

Integration Benefits

Reference Set Mapping

Related posts

Netwithess

Wazuh.

Seceon