QRadar Threat Intelligence app

IBM® QRadar® Threat Intelligence pulls in threat intelligence feeds by using the open standard STIX and TAXII formats, and deploys the data to create custom rules for correlation, searching, and reporting. For example, you can use the app to import public collections of dangerous IP addresses from IBM X-Force Exchange and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.

Beginning with version 2.0.0 of the app, you can search for and browse Recent Collections, Early-Warning Collections, and Public Collections, and view IBM Advanced Threat Protection Feeds in the Threat Intelligence dashboard on the QRadar Console. You can also configure settings to scan your QRadar environment to see whether any threats that are identified in X-Force Exchange collections can affect your environment.

  • You must have an IBM Advanced Threat Protection Feed license to use associated capabilities such as the Am I Affected scan.

For more information about the Trusted Automated Exchange of Intelligence Information (TAXII™), see the Introduction to TAXII website (https://oasis-open.github.io/cti-documentation/taxii/intro).

For more information about the Structured Threat Information Expression (STIX™) language that is used by TAXII, see the Introduction to STIX website (https://oasis-open.github.io/cti-documentation/stix/intro).
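
To make the watch-list use case concrete, the following added example (not IBM code, and not how the app itself processes feeds) extracts IPv4 addresses from indicator objects in a STIX bundle and keeps only the ones that are still active. It assumes STIX 2.1 JSON; the function name `watchlist_ips` and the sample bundle are constructed for illustration.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample bundle, trimmed to the fields this parser reads.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '203.0.113.9' OR ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "pattern_type": "stix", "revoked": True,
     "pattern": "[ipv4-addr:value = '192.0.2.55']"},
    {"type": "indicator", "pattern_type": "stix",
     "valid_until": "2023-01-01T00:00:00Z",
     "pattern": "[ipv4-addr:value = '192.0.2.99']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '999.1.1.1']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'example.test']"},
    {"type": "malware", "name": "constructed-sample"},
]})

IPV4_RE = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")

def _ts(value):
    # STIX timestamps end in "Z"; older fromisoformat() needs an explicit offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def watchlist_ips(bundle_json, now=None):
    """Return sorted, de-duplicated IPv4 addresses from active STIX indicators."""
    now = now or datetime.now(timezone.utc)
    ips = set()
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if obj.get("revoked"):
            continue  # the producer withdrew this indicator
        if "valid_until" in obj and _ts(obj["valid_until"]) <= now:
            continue  # expired entries would only add false positives
        for value in IPV4_RE.findall(obj.get("pattern", "")):
            try:
                ips.add(ipaddress.IPv4Address(value))
            except ValueError:
                continue  # malformed value: never load it into a watch list
    return [str(ip) for ip in sorted(ips)]

if __name__ == "__main__":
    print(watchlist_ips(SAMPLE_BUNDLE))
```

Filtering revoked, expired, and malformed entries before the values reach a watch list matters because a rule that raises offense magnitude inherits every stale or bad entry in the list it reads.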