How to integrate Kaspersky Threat Data Feeds with IBM QRadar
Kaspersky offers two ways of integrating Kaspersky Threat Data Feeds with IBM QRadar: by using Kaspersky CyberTrace or by using the Kaspersky Data Feeds for QRadar importing utility.
Kaspersky CyberTrace allows you to check URLs, file hashes, and IP addresses contained in events that arrive in IBM QRadar. The URLs, file hashes, and IP addresses are checked against threat data feeds from Kaspersky Lab, or from other vendors or sources loaded into CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event supplemented with actionable context.
To install the SIEM connector for IBM QRadar:
- Download Kaspersky CyberTrace.
- Install the latest QRadar updates (optional).
- Follow the instructions in the product documentation to install the package.
You can also get the Kaspersky Threat Feed App installation package from the IBM Security App Exchange and install it in IBM QRadar. Kaspersky Threat Feed App provides the following features within the IBM QRadar GUI to always keep you informed:
- The display and prioritization of information about URLs, IP addresses, and file hashes from events that match Kaspersky Threat Data Feeds.
- The lookup of URLs, IP addresses, and hashes in Kaspersky Threat Data Feeds via the QRadar Search field.
- Dashboards for at-a-glance overviews as well as more detailed information on matching events.
Find the download files for Kaspersky CyberTrace in this article.
To install the Kaspersky Threat Feed App:
- Download the Kaspersky Threat Feed App.
- In the QRadar Web Console, select Admin and then Extensions Management.
- In the Extensions Management form, click the Add button and select the application file archive.