Indicators of Compromise
Re: We have been requesting to
2013-01-28T21:12:08Z
We have been requesting to have a web service to be able to send the IOC data we get from iDefense hourly into QRadar.
Posted By Greg Mathes
dan.kennedy 27000696NC 1 Post
Re: no its CSV or XML (but not
2014-05-13T15:29:42Z
- SystemAdmin 110000D4XK
Has this gained any traction? We're looking at iDefense & I'd certainly love to import it more easily into the interface above scripting some wget hack of the xml/csv & importing.
Are you guys pulling your iDefense feeds into QRadar by that means, or just using it independent of the Q1? Thanks!
mcalvi91 27000402M9 4 Posts
Re: no its CSV or XML (but not
2014-05-14T13:27:20Z
- dan.kennedy 27000696NC
Currently we pull it and push to our point products (proxy/etc) outside of Q1. In the proxy we have specialized things set up for Q1 to alert on when the domain/ip/urls are hit.