How to integrate Kaspersky Threat Data Feeds with IBM QRadar

Latest update: December 16, 2022 ID: 13854

Kaspersky offers two ways of integrating Kaspersky Threat Data Feeds with IBM QRadar: by using Kaspersky CyberTrace or by using the Kaspersky Data Feeds for QRadar importing utility.

Kaspersky CyberTrace

Kaspersky CyberTrace allows you to check URLs, file hashes, and IP addresses contained in events that arrive in IBM QRadar. The URLs, file hashes, and IP addresses are checked against threat data feeds from Kaspersky Lab, or from other vendors or sources loaded into CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event supplemented with actionable context.

To install the SIEM connector for IBM QRadar:

  1. Download Kaspersky CyberTrace.
  2. Install the latest QRadar updates (optional).
  3. Follow the instructions in the product documentation to install the package.

You can also get the Kaspersky Threat Feed App installation package from the IBM Security App Exchange and install it to IBM QRadar. Kaspersky Threat Feed App provides the following features within the IBM QRadar GUI to always keep you informed:

  • The display and prioritization of information about URLs, IP addresses, and file hashes from events that match Kaspersky Threat Data Feeds.
  • The lookup of URLs, IP addresses, and hashes in Kaspersky Threat Data Feeds via the QRadar Search field.
  • Dashboards for at-a-glance overviews as well as more detailed information on matching events.

Find the download files for Kaspersky CyberTrace in this article.

To install the Kaspersky Threat Feed App:

  1. Download the Kaspersky Threat Feed App.
  2. In QRadar Web Console, select Admin and then Extensions Management.
  3. In the Extensions Management form, click the Add button and select the application file archive.

Kaspersky Data Feeds for QRadar

Kaspersky Data Feeds for QRadar is an application designed to integrate Kaspersky Threat Intelligence Data Feeds into the IBM QRadar environment to highlight risks and implications associated with security breaches, aid in mitigating cyber threats more effectively, and defend against attacks even before they are launched.

Kaspersky Data Feeds for QRadar importing utility is a utility provided by Kaspersky that imports indicators from Kaspersky Threat Data Feeds to IBM® QRadar reference sets.

After the indicators are imported from the feed to QRadar, you can check incoming events in QRadar against them. The Custom Rules Engine (CRE) module of QRadar can check whether incoming events contain records stored in the reference sets. You can configure QRadar to respond in a specific way when an incoming event contains a record from one of the reference sets that have been created.
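The following added example (not code from Kaspersky or the importing utility) models offline what happens after the import: feed indicators are loaded into one reference set per indicator type, and a rule checks each event's fields against them, attaching the feed context (category, popularity) to every hit. The feed and event records are constructed samples; the field names and the feed layout are assumptions, not the real feed format.

```python
"""Offline model of QRadar reference-set matching against imported feed indicators."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample feed records (hypothetical layout, not Kaspersky's real feed format).
SAMPLE_FEED = [
    {"type": "ip", "value": "203.0.113.10", "category": "botnet_cnc", "popularity": 4},
    {"type": "hash", "value": "D41D8CD98F00B204E9800998ECF8427E", "category": "malware", "popularity": 3},
    {"type": "url", "value": "HTTP://Example.test/login/", "category": "phishing", "popularity": 2},
]

# Constructed sample events; field names are assumptions for this example.
SAMPLE_EVENTS = [
    {"src_ip": "10.0.0.5", "dst_ip": "203.0.113.10", "url": "example.test/login"},
    {"src_ip": "10.0.0.6", "file_hash": "d41d8cd98f00b204e9800998ecf8427e"},
    {"src_ip": "10.0.0.7", "dst_ip": "198.51.100.1"},
]

def normalize(kind, value):
    """Canonicalise an indicator so that feed values and event values compare equal."""
    value = value.strip()
    if kind == "ip":
        return str(ipaddress.ip_address(value))      # raises ValueError on junk input
    if kind == "hash":
        return value.lower()                         # hashes are case-insensitive hex
    if kind == "url":
        if "://" not in value:
            value = "http://" + value                # scheme-less URLs are common in logs
        parts = urlsplit(value)
        return parts.netloc.lower() + (parts.path.rstrip("/") or "/")
    raise ValueError(f"unknown indicator type {kind}")

def build_reference_sets(feed):
    """One reference set per indicator type, keyed by normalised value, carrying feed context."""
    sets = {}
    for rec in feed:
        sets.setdefault(rec["type"], {})[normalize(rec["type"], rec["value"])] = rec
    return sets

def match_event(event, ref_sets):
    """Emulate a CRE rule: report every event field whose value is in a reference set."""
    hits = []
    for field, kind in (("src_ip", "ip"), ("dst_ip", "ip"), ("file_hash", "hash"), ("url", "url")):
        raw = event.get(field)
        if not raw:
            continue
        try:
            key = normalize(kind, raw)
        except ValueError:
            continue                                 # malformed field: skip, do not crash the rule
        rec = ref_sets.get(kind, {}).get(key)
        if rec:
            hits.append({"field": field, "category": rec["category"], "popularity": rec["popularity"]})
    return hits
```

Normalisation on both sides is the part worth copying: a mixed-case hash or a URL with a trailing slash in the feed would otherwise silently miss the same indicator in an event.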

Kaspersky Data Feeds for QRadar importing utility is a Python application; it contains no binary files.

You can download Kaspersky Data Feeds for QRadar importing utility:
