Configuring Am I Affected settings

Search your QRadar environment to see whether you are prone to threats identified in the X-Force Exchange collections, such as Petya or WannaCry.

Procedure

  1. From the navigation menu on the Threat Intelligence dashboard, click the App Settings icon (Icon for app settings).
  2. Click the Am I Affected tab, and then configure the following settings for both the Log Event tab and the Network Event tab.
    Option Description

    Enable Log Event Scan or Enable Flow Event Scan

    Specify which event scan you want to run.

    move down or move up

    Click the move down or the move up icon to change the order of running the scan.

    Source IP

    Where the attack is originating or directed. Example: sourceip.

    Destination IP

    Where the attack is targeted. Example: destinationip.

    Malware

    The identifier for a specific malware. Example: file_hash.

    URL

    Host name. Example: Hostname, url.

    Time Duration

    The time period that you want to search for.

  3. Click Save Configuration.