This document was overhauled for version 1.3.5 of the app. To see an older version of the documentation, go to the EclecticIQ Platform 2.8.0 documentation.
The EclecticIQ Platform integration for IBM QRadar enables IBM QRadar users to ingest large quantities of threat intelligence from EclecticIQ Platform and the EclecticIQ Fusion Center Essentials CSV feed.
EclecticIQ Platform ingests cyber threat data in different formats from multiple sources. It removes duplicates, normalizes the source data, and enriches it with additional contextual details. It then uses outgoing feeds to output relevant information to IBM QRadar, where it can be analyzed and filtered by a set of rules to identify matching threats that may target your organization.
EclecticIQ Fusion Center actively researches threat actors, intrusion sets and their associated Tactics, Techniques, and Procedures (TTPs) in order to provide a holistic threat picture. This is all represented in structured STIX data and routinely cross-referenced with incoming feeds to identify potentially new and relevant data to grow our understanding of the threat. This feed can be integrated into IBM QRadar.