Introducing the Newly Certified ThreatStream QRadar App

April 5, 2018 | David Greenwood

Here at Anomali we have over 30 out-of-the box integrations, from SIEMs to endpoints and everything in between. Our QRadar integration is one of our most popular.

The QRadar app and Content Pack available to ThreatStream customers provide security analysts visibility into threats within their network by matching and enriching log data to known indicators of compromise through interactive dashboards.

We recently shared the latest version of the app (v1.0.4) with the IBM QRadar team who have blessed it with their certification (given to only a handful of apps in the XForce exchange).

In the latest release, we've added some new features that improve the workflow for threat hunting and SOC teams. Here's a brief introduction to some of them...

Submit observables from QRadar

As you work through offenses in QRadar, it is very likely that an investigation will turn up new threats that have not yet been reported to ThreatStream. With this in mind, we made it easier to submit new observables to ThreatStream from QRadar in a matter of clicks.

Once submitted, you can then explore and edit the indicator in the ThreatStream interface. The new indicator of compromise will also be available for matching to new logs in QRadar using the ThreatStream rules included in the Content Pack.

Submit false positives

Depending on the feeds you're subscribed to, you may discover events flagged as malicious that are in fact benign. In such cases, you can mark the indicator as a false positive in ThreatStream so that it no longer produces a match in QRadar.

Where can I download the latest release?

ThreatStream customers can get a copy of the app and Content Pack on the IBM XForce Exchange.

If you're not already a ThreatStream customer, sign up for a free trial today.

Finally a big thank you to Declan Wilson, Ryan Gribben, Gavin McDaid, Sean Creen, and Jagdeep Chabra who worked on this release here at Anomali.

About the Author

David Greenwood

David is a Product Manager at Anomali. He's responsible for developing and executing strategy for integrations to and from the ThreatStream platform, working closely with Anomali customers to help them realize the value that threat intelligence can deliver to their business.