Bootstrap Intelligence Center Integration

Start the resilient-circuits integration module, register the integration, and test it.

Bootstrap the app

  1. Open a terminal session, log in to IBM QRadar SOAR with SSH, and start the integration module:

    # Run this command to start the integration.
    resilient-circuits run
    
    # Successful response.
    resilient-circuits has started successfully and is now running...
    Subscribe to message destination 'eclecticiq_sighting'
    Subscribe to message destination actions.201.eclecticiq_sighting
    
  2. Open a new terminal session, log in to IBM QRadar SOAR with SSH, and register Intelligence Center Integration as a threat source in IBM Resilient:

    sudo resutil threatserviceedit -name "EclecticIQ Intelligence Center" -resturl http://${resilient_circuits_url}:9000/cts/eiq
    

    In the command parameters, replace the ${resilient_circuits_url} placeholder with the IP address previously assigned to host in the [resilient] stanza of the app.config file.
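
As an added example (not part of the original documentation), this shell helper reads host from the [resilient] stanza of app.config and prints the -resturl value for the registration command in step 2. It assumes an INI-style file with key = value lines; the function names, the [other_app] stanza and the sample file are constructed for illustration.

```shell
# Added example. Assumption: app.config is INI-style with a [resilient] stanza.

# Print the value of "host" from the [resilient] stanza of the file in $1.
resilient_host() {
    awk '
        # A stanza header: remember whether we are now inside [resilient].
        /^[ \t]*\[/ { in_stanza = ($0 ~ /^[ \t]*\[resilient\][ \t]*$/); next }
        # First host line inside [resilient]; commented-out lines do not match.
        in_stanza && /^[ \t]*host[ \t]*[=:]/ {
            sub(/^[^=:]*[=:][ \t]*/, "")   # drop "host =" prefix
            sub(/[ \t]+$/, "")             # drop trailing whitespace
            print
            exit
        }
    ' "$1"
}

# Build the REST URL for the registration command (port and path as on this page).
eiq_resturl() {
    host=$(resilient_host "$1")
    if [ -z "$host" ]; then
        echo "no host found in [resilient] stanza of $1" >&2
        return 1
    fi
    # Refuse anything that is not a plain hostname or IPv4 address before it
    # ends up on a sudo command line.
    case "$host" in
        *[!A-Za-z0-9.-]*) echo "unexpected characters in host: $host" >&2; return 1 ;;
    esac
    printf 'http://%s:9000/cts/eiq\n' "$host"
}

# Constructed sample app.config (placeholder values, not a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[resilient]
# host=ignored.example
host = 192.0.2.10
port = 443

[other_app]
host = other.example
EOF

eiq_resturl "$sample"
```

The printed URL is the value to pass to -resturl in the resutil threatserviceedit command.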

Test the integration

To test the threat service integration:

  • Open a terminal session in IBM QRadar SOAR, and then run the following command:

    # Run this command to test the integration
    sudo resutil threatservicetest -name "Intelligence Center"
    
    # Successful response
    Successfully connected to Intelligence Center
    

To verify that the integration is enabled:

  1. Open a web browser, and log in to IBM QRadar SOAR through the GUI.

  2. Click the user menu.

  3. From the drop-down menu, select Administrator Settings.

  4. In the Administrator Settings view, click the Threat Sources tab.

    Intelligence Center should be listed in the Threat Sources view, and its status should be ON.

    If the app status is OFF, click it to enable it.