IBM QRadar SIEM - STIX/TAXII Integration

IBM QRadar SIEM - STIX/TAXII Integration#

These instructions are for connecting the PrecisionSec STIX/TAXII Threat Intelligence Feed to your IBM QRadar SIEM. This information is based on the documentation from the IBM website here: https://www.ibm.com/docs/en/qradar-common?topic=tif-adding-threat-intelligence-feeds

Attention

Credentials are required to access this data. If you have not yet received evaluation credentials, please request access.

Note

Our TAXII server currently only supports versions 1.x of the TAXII protocol.

From the navigation menu on the Threat Intelligence dashboard, click the Feeds Downloader icon.
Click Icon for Add Threat Feed, and then click Add TAXII Feed.
On the Add TAXII Feed window, click the Connection tab, and configure the following options:
- TAXII Endpoint: https://taxii.precisionsec.com/services/discovery
- Version: TAXII 1.x
- Authentication Method: HTTP Basic
- Username/Password: Enter the credentials you were provided
Click Discover
- You should now be able to view the available collections on the Parameter page.