Integration with QRadar when QRadar cannot get updates

If it is not possible to get the latest QRadar updates, use the configuration procedure below.

To use QRadar with Feed Service if QRadar cannot be updated:

1. Import new QRadar identifiers to QRadar.
2. Add Feed Service as a log source for QRadar.
3. Map Feed Service events to QRadar identifiers.
4. Specify the log source type.
5. Perform the verification test.
6. (optional) Perform all steps from the following instructions: Configure QRadar to display custom fields of events.
7. (optional) Perform all steps from the following instructions: Configure QRadar to display events in a dashboard.

After you have successfully integrated Kaspersky CyberTrace with QRadar, install Kaspersky Threat Feed App.

In this section Importing QIDs to QRadar Adding Feed Service as a log source Mapping events to QIDs Specifying the log source type

Page top