Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
5 replies Latest Post - ‏2014-09-25T15:38:32Z by pjl
YamShar
YamShar
2 Posts
ACCEPTED ANSWER

Pinned topic Xforce Premium group

‏2014-02-09T08:18:01Z |

Hello,

I can see a separate group as XForce Premium after the upgrade to 7.2 . In that group few of the rules are using some reference lists like XForce_Premium.Premium_Malware , XForce_Premium.Premium_AnonymousProxies

Does anyone knows where are the XForce Premium watchlists stored. ??

  • Alaa Ali
    Alaa Ali
    8 Posts
    ACCEPTED ANSWER

    Re: Xforce Premium group

    ‏2014-02-17T16:14:42Z  in response to YamShar

    Be careful with your wording because "Reference Lists" is a phrase for lists that you can create in QRadar =), but those XForce_Premium.Premium_Malware and XForce_Premium.Premium_AnonymousProxies are not QRadar Reference Lists, they are network objects (which are "lists" used for reference). You should be able to see them if you go to the Admin tab and go to Remote Networks (or Remote Services. Can't remember which one). One of them should have a group called XForce_Premium, and you'll find the subgroups when you expand it.

    • YamShar
      YamShar
      2 Posts
      ACCEPTED ANSWER

      Re: Xforce Premium group

      ‏2014-02-20T07:29:26Z  in response to Alaa Ali

      Hello Alaa,

      Thank you for ignoring my wrong choices of words.

      As you said I have checked both Remote Networks & Remote Services but i'm not able to find it anywhere.

      Can you also tell me where on the server are the lists mentioned in Remote Networks stored

      • Alaa Ali
        Alaa Ali
        8 Posts
        ACCEPTED ANSWER

        Re: Xforce Premium group

        ‏2014-03-06T14:36:45Z  in response to YamShar

        I do not have access to a QRadar system right now, but the remote networks should be in a file called remotenet.conf, located under /store/configservices/staging/globalconfig/.

        • Vijay Tumu
          Vijay Tumu
          1 Post
          ACCEPTED ANSWER

          Re: Xforce Premium group

          ‏2014-09-04T11:14:58Z  in response to Alaa Ali

          Hi Team,

          Can some one Please help me out for getting the list of IP's under Admin Tab -> Remote Networks and services Configuration-->Remote Networks-->XForce_Premium-->Premium_Malware

          I can able to see the list of IP's, But do we have copy & Past Option of these IP's?  should send them our network team to restrict in firewall

          Thanks in Advance 

          Vijay Tumu

           

           

          • pjl
            pjl
            3 Posts
            ACCEPTED ANSWER

            Re: Xforce Premium group

            ‏2014-09-25T15:38:32Z  in response to Vijay Tumu

            So I realize I'm asking the obvious, but is XForce Premium an additional license? The only reason I ask is I can see it used in a few canned rules. For example:  XForce Premium: Internal Connection to Possible Malware Host. I'm on version 7.2.3. Is it possible to get a temp key to try it out for a period of time?