Integration with QRadar when QRadar cannot get updates

If it is not possible to get the latest QRadar updates, use the configuration procedure below.

To use QRadar with Feed Service if QRadar cannot be updated:

  1. Import new QRadar identifiers to QRadar.
  2. Add Feed Service as a log source for QRadar.
  3. Perform all steps from the following instructions: Step B. Forwarding events from QRadar to Feed Service.
  4. Perform all steps from the following instructions: Step C. Sending a set of events to QRadar.
  5. Map Feed Service events to QRadar identifiers.
  6. Perform the verification test.
  7. (optional) Perform all steps from the following instruction: Configure QRadar to display custom fields of events.
  8. (optional) Perform all steps from the following instruction: Configure QRadar to display events in a dashboard.

After you have successfully integrated Kaspersky CyberTrace with QRadar, install Kaspersky Threat Feed App:

  1. Step G (optional). Install Kaspersky Threat Feed App.
  2. Specify the log source type.
  3. Step H (optional). Configure Kaspersky Threat Feed App.

In this section

Importing QIDs to QRadar

Adding Feed Service as a log source

Mapping events to QIDs

Specifying the log source type

Page top