
Nov 6, 2025
1.1.0
ThreatQ Versions >= 5.0.0
IBM QRadar Action Bundle
Overview
The IBM QRadar Action Bundle for ThreatQ enables analysts to seamlessly integrate and enrich threat intelligence data with insights from IBM QRadar. This bundle allows users to query QRadar for additional context on Indicators of Compromise (IOCs) and incorporate relevant event information into ThreatQ.
The integration provides the following actions:
- IBM QRadar Action - performs a lookup within QRadar to find logs related to an indicator.
- IBM QRadar Get Description For Events - requests and ingests IBM QRadar Offense Analyst Notes as descriptions for the events previously retrieved by the IBM QRadar Action.
The action is compatible with the following object types:
- Events
- Indicators
  - Email Address
  - FQDN
  - IP Address
  - URL
The action returns enriched indicator and event object types.
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.