Configuring the Threat Feeds Downloader

Configure the Threat Feeds Downloader so that the background polling service that IBM® QRadar® Threat Intelligence uses to request data from IBM QRadar works properly. If you use a proxy server or need to add a private root certificate (CA) bundle, you can configure those options at the same time.

Procedure

  1. From the navigation menu on the Threat Intelligence dashboard, click the Feeds Downloader icon (Icon for Feeds Downloader).
  2. Click Icon for downloadAdd Threat Feed, and then click Configuration.
  3. Add the authorized service token that you created on the App Settings page. For more information, see Creating an authorized service token.
  4. If you need to configure a proxy, enter the details.
  5. If you need to add a Private Root CA, upload the .pem file. Click Choose file to select the Private Root CA file you want to upload. Only the .pem file type is supported.
  6. Click Save.

Results

The Create Rule Action and the Configured Rule Actions list are not yet available on the Threat Intelligence dashboard. You can still create rule actions from the Configuration page on the Admin tab. For more information, see Creating rule actions.

What to do next

Adding threat intelligence feeds