IBM QRadar
Overview
IBM® QRadar® is a SIEM platform that provides situational awareness and compliance support. QRadar uses a combination of flow-based network knowledge, security event correlation, and asset-based vulnerability assessment.
Integration Benefits
This integrations will allow to automatically crosscheck all the log sources already onboarded into QRadar against Maltiverse Threat Intelligence feeds for IP, Hostnames, URL’s and file Hashes related fields. That will automatically trigger new alerts pointing out to possible Security Incidents
It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers.
Reference Set Mapping
In order to configure Maltiverse Feeds into QRadar Threat Intelligence APP it is needed to map each maltiverse feed with a reference set and then create a Rule to generate offenses whenever there is a match. The following table relates the most relevant Collections with a recommendation of a reference set to map with and an explanation of the rule logic:
| Collection (Maltiverse Feed) | Observable Type | Reference Set | Rule Logic |
|---|---|---|---|
| Command and Controls | IPv4 Address | Botnet C&C IPs | when any of Destination IP are contained in any of Botnet C&C IPs |
| Command and Controls | Domain Name | Malware Hostnames | when any of Domain are contained in any of Malware Hostnames |
| Malware Distribution | IPv4 Address | Malware IPs | when any of Destination IP are contained in any of Malware IPs |
| Malware Distribution | Domain Name | Malware Hostnames | when any of Domain are contained in any of Malware Hostnames |
| Malware Distribution | URL | Malware URLs | when any of Request URL are contained in any of Malware URLs |
| Malware | File Hash | Malware Hashes SHA | when any of File Hash are contained in any of Malware Hashes SHA |
| Phishing | URL | Phishing URLs | when any of Request URL are contained in any of Phishing URLs |
| Malicious URLs | URL | Malicious URLs | when any of Request URL are contained in any of Malicious URLs |
- Date
- October 14, 2022
Integrate IBM QRadar https://youtu.be/8JOLtpQDDc4 Overview IBM® QRadar® is a SIEM platform that provides situational awareness and compliance support. QRadar uses a combination of flow-based network knowledge, […]- Date
- May 13, 2022
Integrate Compatibility CheckPoint > = R81 CheckPoint Smartconsole https://www.youtube.com/watch?v=TCIZ58LwA6A Overview Check Point Software Technologies Ltd. is a leading provider of cyber security solutions to governments and […]- Date
- March 7, 2022
Integrate Microsoft Sentinel https://www.youtube.com/watch?v=0MTSMlXpXFc Overview Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft […]- Date
- March 1, 2022
Integrate Splunk Enterprise Security https://www.youtube.com/watch?v=Ec63miHeo8Q&t Overview Splunk Enterprise Security (Splunk ES) is a security information and event management (SIEM) solution that enables security teams to quickly […]
