About the IBM QRadar SOAR integration

The EclecticIQ Intelligence Center integration for IBM QRadar SOAR enables EclecticIQ Intelligence Center as a custom threat source service in IBM QRadar SOAR.

This integration helps automate incident response processes by making threats to your organization more visible, and by providing actionable contextual information to respond to them quickly and efficiently.

IBM QRadar SOAR queries EclecticIQ Intelligence Center for matches to its artifacts. In IBM QRadar SOAR, artifacts are pieces of evidence gathered during an investigation; the corresponding objects in EclecticIQ Intelligence Center are observables, so an artifact lookup is a search for an observable with the same value.

Immediately after an artifact is created in IBM QRadar SOAR, the integration automatically queries EclecticIQ Intelligence Center for matching observables and for any additional context available on them. When IBM QRadar SOAR detects a match in EclecticIQ Intelligence Center, it can automatically create a sighting in Intelligence Center, recording that the observable was seen in your environment.

When an artifact of one of the following types is created in IBM QRadar SOAR, the integration automatically searches the connected EclecticIQ Intelligence Center instance for existing observables that match the new artifact. Other artifact types do not trigger a lookup.

IBM QRadar SOAR artifact    Artifact type JSON field
--------------------------  --------------------------
DNS Name                    net.name
Email Body                  email
Email Recipient             email.header.to
Email Sender                email.header.sender_address
Email Subject               email.header
IP Address                  net.ip
Malware MD5 Hash            hash.md5
Malware SHA-1 Hash          hash.sha1
Malware SHA-256 Hash        hash.sha256
Malware SHA-512 Hash        hash.sha512
URL                         net.uri
URI Path                    net.uri.path
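The lookup flow described above, as an added illustration that is not EclecticIQ's or IBM's integration code. The artifact-type-to-field mapping is the table on this page, but nothing else here comes from the integration: the Intelligence Center API is not called, a constructed in-memory observable set stands in for it, and the value-normalisation rules (lower-casing hashes and host names, unwrapping "Name <address>" senders, canonicalising IP address text) are this example's own assumptions. The point it makes is that an exact-match lookup only works on canonical values, and that malformed or unsupported artifacts should be rejected before any query is sent.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# SOAR artifact type -> artifact JSON field, as listed in the table above.
ARTIFACT_FIELDS = {
    "DNS Name": "net.name",
    "Email Body": "email",
    "Email Recipient": "email.header.to",
    "Email Sender": "email.header.sender_address",
    "Email Subject": "email.header",
    "IP Address": "net.ip",
    "Malware MD5 Hash": "hash.md5",
    "Malware SHA-1 Hash": "hash.sha1",
    "Malware SHA-256 Hash": "hash.sha256",
    "Malware SHA-512 Hash": "hash.sha512",
    "URL": "net.uri",
    "URI Path": "net.uri.path",
}

# Hex-digit count expected for each hash field.
HASH_LENGTHS = {"hash.md5": 32, "hash.sha1": 40, "hash.sha256": 64, "hash.sha512": 128}


def normalize(json_field: str, value: str) -> Optional[str]:
    """Canonicalise an artifact value so an exact-match lookup is meaningful.
    Returns None when the value is malformed for its type.
    These rules are this example's assumptions, not the integration's."""
    v = value.strip()
    if json_field in HASH_LENGTHS:
        v = v.lower()
        ok = re.fullmatch(r"[0-9a-f]+", v) and len(v) == HASH_LENGTHS[json_field]
        return v if ok else None
    if json_field == "net.ip":
        try:
            return str(ipaddress.ip_address(v))  # canonical text form, v4 or v6
        except ValueError:
            return None
    if json_field == "net.name":
        return v.lower().rstrip(".") or None
    if json_field in ("email.header.to", "email.header.sender_address"):
        m = re.search(r"<([^>]+)>", v)  # "Display Name <addr>" -> addr
        addr = (m.group(1) if m else v).strip().lower()
        return addr if "@" in addr else None
    return v or None


@dataclass
class Sighting:
    json_field: str
    value: str
    observed_at: str


class MockIntelligenceCenter:
    """Stand-in for Intelligence Center: observables keyed by
    (artifact JSON field, canonical value), plus sightings created on hits."""

    def __init__(self, observables):
        self.observables = set(observables)
        self.sightings = []

    def has(self, json_field: str, value: str) -> bool:
        return (json_field, value) in self.observables


def on_artifact_created(ic: MockIntelligenceCenter, artifact_type: str,
                        value: str, now: Optional[str] = None) -> dict:
    """Steps taken when a SOAR artifact is created: map the type to its JSON
    field, normalise the value, query Intelligence Center, and record a
    sighting on a match. Returns an outcome record for the caller."""
    json_field = ARTIFACT_FIELDS.get(artifact_type)
    if json_field is None:
        return {"status": "unsupported", "field": None, "value": value}
    canon = normalize(json_field, value)
    if canon is None:
        return {"status": "invalid", "field": json_field, "value": value}
    if not ic.has(json_field, canon):
        return {"status": "no_match", "field": json_field, "value": canon}
    ic.sightings.append(Sighting(json_field, canon,
                                 now or datetime.now(timezone.utc).isoformat()))
    return {"status": "match", "field": json_field, "value": canon}


# Constructed sample intelligence; none of these values are real indicators.
SAMPLE_OBSERVABLES = {
    ("hash.sha256", "a" * 64),
    ("net.ip", "198.51.100.7"),
    ("net.name", "evil.example.com"),
    ("email.header.sender_address", "mallory@example.net"),
}

if __name__ == "__main__":
    ic = MockIntelligenceCenter(SAMPLE_OBSERVABLES)
    for artifact_type, value in [
        ("Malware SHA-256 Hash", "A" * 64),             # uppercase still matches
        ("IP Address", " 198.51.100.7 "),
        ("DNS Name", "EVIL.Example.COM."),
        ("Email Sender", "Mallory <MALLORY@example.net>"),
        ("Malware MD5 Hash", "not-a-hash"),              # rejected before lookup
        ("String", "free text"),                         # type not in the table
    ]:
        print(artifact_type, "->", on_artifact_created(ic, artifact_type, value))
    print(len(ic.sightings), "sighting(s) created")
```

Run it directly to see one outcome per sample artifact. To adapt the idea to a real deployment, replace MockIntelligenceCenter.has with a call to the Intelligence Center observable search and keep the normalisation in front of it; whatever canonical form your Intelligence Center stores is the form the lookup must produce, or exact matches will silently fail.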