How to integrate Kaspersky Threat Data Feeds with IBM QRadar

Latest update: March 13, 2023 ID: 13854
 
 
 
 

Kaspersky offers two ways of integrating Kaspersky Threat Data Feeds with IBM QRadar Security Intelligence Platform:

  • By using Kaspersky CyberTrace. For instructions, follow the steps below.
  • By using Kaspersky Data Feeds for IBM QRadar importing utility. See the guide below.

Kaspersky CyberTrace

Kaspersky CyberTrace is a complex platform that allows you to check URLs, file hashes, and IP addresses contained in events that arrive in IBM QRadar. The URLs, file hashes, and IP addresses are checked against Threat Data Feeds from Kaspersky, from other vendors, or from sources loaded into Kaspersky CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event supplemented with actionable context.

To integrate Kaspersky CyberTrace with IBM QRadar:

  1. Download Kaspersky CyberTrace.
  2. Follow the instructions on how to integrate Kaspersky CyberTrace with QRadar in Online Help.

The integration will be configured.

Kaspersky Data Feeds for IBM QRadar importing utility

The importing utility is designed to integrate Kaspersky Threat Intelligence with IBM QRadar and to import indicators from Kaspersky Threat Data Feeds to IBM QRadar reference sets. The tool also highlights risks and implications associated with security breaches, aids in mitigating cyber threats and defends against attacks before they are launched.
Kaspersky Data Feeds for IBM QRadar importing utility is a Python application; it contains no binary files.

After the indicators are imported from the Feeds, you can check incoming events in IBM QRadar against them. The Custom Rules Engine (CRE) module of IBM QRadar can check whether incoming events contain records stored in the reference sets. You can configure IBM QRadar to respond in a specific way when an incoming event contains a record from one of the reference sets that have been created.
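The import step described above, sketched as an added example (this is not the code of the Kaspersky importing utility): feed records are validated and de-duplicated, then packaged as requests to the QRadar REST API reference set bulk-load endpoint. The feed field names `ip` and `MD5`, the sample records, the console hostname, and the reference set name used with it are assumptions.

```python
import ipaddress
import json
import re
from urllib.parse import quote
from urllib.request import Request

# Constructed sample records. Field names "ip" and "MD5" are assumptions.
SAMPLE_FEED = [
    {"ip": "203.0.113.7"},
    {"ip": "203.0.113.7"},                        # duplicate, collapsed
    {"ip": "not-an-ip"},                          # malformed, dropped
    {"MD5": "D41D8CD98F00B204E9800998ECF8427E"},  # normalized to lowercase
    {"MD5": "xyz"},                               # malformed, dropped
]
MD5_RE = re.compile(r"[0-9a-f]{32}")


def normalize(records):
    """Return (ips, md5s): validated, de-duplicated, sorted indicator values."""
    ips, md5s = set(), set()
    for rec in records:
        if "ip" in rec:
            try:
                ips.add(str(ipaddress.ip_address(rec["ip"])))
            except ValueError:
                continue  # never load junk into a set that rules match on
        elif "MD5" in rec:
            value = str(rec["MD5"]).lower()
            if MD5_RE.fullmatch(value):
                md5s.add(value)
    return sorted(ips), sorted(md5s)


def bulk_load_requests(console, token, set_name, values, chunk=1000):
    """Build unsent POSTs to QRadar's reference set bulk_load endpoint."""
    url = (f"https://{console}/api/reference_data/sets/bulk_load/"
           f"{quote(set_name, safe='')}")
    headers = {"SEC": token, "Content-Type": "application/json"}
    return [
        Request(url, data=json.dumps(values[i:i + chunk]).encode(),
                headers=headers, method="POST")
        for i in range(0, len(values), chunk)
    ]
```

Each returned request can be sent with `urllib.request.urlopen`; the target reference set must already exist in QRadar with an element type that matches the values being loaded.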

You can obtain Kaspersky Data Feeds for IBM QRadar importing utility by sending a request to intelligence@kaspersky.com.

 
 
 
 
 