Enabling X-Force Threat Intelligence in QRadar
By enabling X-Force Threat Intelligence in QRadar, you can receive feeds of the X-Force Threat Intelligence information to your console.
Before you begin
In QRadar V7.2.8 and later, the X-Force Threat Intelligence feed no longer needs to be purchased as a separate licensed subscription. After you update to QRadar V7.2.8, this feature is included with the standard license as part of the Service & Support contract.
Administrators who want access to the X-Force IP and URL reputation data feed must enable the X-Force Threat Intelligence feeds on their Console. Administrators can enable this feature from the System Settings screen of the Admin tab. All administrators must verify that the X-Force IP reputation feed is enabled before they attempt to enable X-Force rules on their appliance. Enabling the feed first prevents errors in QRadar and ensures that enabled rules are supplied data to trigger rules properly.
About this task
Use the following steps to enable X-Force Threat Intelligence Feeds for QRadar V7.2.8 and later.
Procedure
What to do next
After you enable the X-Force Threat Intelligence Feed, administrators who are on new installs need to ensure that they installed the Threat Content Extension. This procedure is discussed in the Installing extensions by using Extensions Management section, and it enables X-Force rules that work with the Threat Intelligence Feed.