IBM QRadar SIEM - STIX/TAXII Integration#
These instructions are for connecting the PrecisionSec STIX/TAXII Threat Intelligence Feed to your IBM QRadar SIEM. This information is based on the documentation from the IBM website here: https://www.ibm.com/docs/en/qradar-common?topic=tif-adding-threat-intelligence-feeds
Attention
Credentials are required to access this data. If you have not yet received evaluation credentials, please request access.
Note
Our TAXII server currently only supports versions 1.x of the TAXII protocol.
From the navigation menu on the Threat Intelligence dashboard, click the Feeds Downloader icon.
Click Icon for Add Threat Feed, and then click Add TAXII Feed.
On the Add TAXII Feed window, click the Connection tab, and configure the following options:
TAXII Endpoint:
https://taxii.precisionsec.com/services/discovery
Version: TAXII 1.x
Authentication Method: HTTP Basic
Username/Password: Enter the credentials you were provided
Click Discover
You should now be able to view the available collections on the Parameter page.