Configure the QRadar app for Fusion Center
Caution
This application is no longer supported.
From 3 August 2022, use the new EclecticIQ Intelligence Center App instead. (Documentation)
This topic describes how to configure the Threat Intelligence EclecticIQ Platform App for IBM QRadar for the EclecticIQ Fusion Center Essentials CSV feed.
Prerequisites
EclecticIQ Fusion Center Essentials CSV feed.
QRadar version 7.2.8 or later.
Install Threat Intelligence EclecticIQ Platform App for IBM QRadar
Download the integration
To download the Threat Intelligence EclecticIQ Platform App for IBM QRadar:
Go to the IBM App Exchange and download the application to your machine.
Or, contact EclecticIQ Support and request the application.
Add Threat Intelligence EclecticIQ Platform App for IBM QRadar
In IBM QRadar, click the menu (☰) in the top-left corner.
Click Admin.
In the left navigation bar, click System Configuration, then click Extensions Management.
On the top-right, click Add.
Locate the Threat Intelligence EclecticIQ Platform App for IBM QRadar downloaded in Download the integration.
Select the Install immediately checkbox.
Click Add.
Configure Threat Intelligence EclecticIQ Platform App for IBM QRadar
Open IBM QRadar.
In the navigation menu (☰), click Admin.
In the left navigation bar, click Apps.
Click the EclecticIQ Threat Intelligence application.
In the EclecticIQ Threat Intelligence Platform Configuration Page, fill out the following fields:
| Field name | Description |
| --- | --- |
| QRadar Security Token | Set this to the Authorized Service Token generated in Generate Authorized Service Token. |
| EclecticIQ Platform URL | Set this to: https://cti.eclecticiq.com |
| EclecticIQ Platform Login | Set this to your Fusion Center user name. |
| EclecticIQ Platform Password | Set this to your Fusion Center user password. |
| (Optional) Proxy URL | Set this to the IP address or URL of the proxy server to connect to. |
| (Optional) Proxy Login | Set this to the user name used to authenticate with the proxy server. |
| (Optional) Proxy Password | Set this to the password used to authenticate with the proxy server. |
| EclecticIQ Platform Feed ID | Set this to the feed ID(s) provided by Fusion Center. Tip: To view available feeds, go to https://cti.eclecticiq.com/feeds/downloads/ (for example, the essentials.blacklist.csv.daily feed is ID 77). |
| EclecticIQ Platform Version | Set this to: FC |
| EclecticIQ User Group Name | Leave empty. |
| EclecticIQ Feeds Ingestion schedule. Download data every, min | Set this to: 120 |
| Validate Threat Intelligence Platform SSL certs | Select to validate the EclecticIQ Platform SSL certificates. |
| Pull Outgoing Feeds Immediately | Select this to ingest data from the specified feed ID immediately after you click Save. |
Click Save.