
Aug 23, 2024
1.0.0
ThreatQ Versions >= 5.0.0
IBM QRadar Action
Overview
The IBM QRadar Action for ThreatQ allows an analyst to query IBM QRadar for more information about a given IOC.
The integration provides the following action:
- IBM QRadar Action - performs a lookup within QRadar to find logs related to an indicator.
The action is compatible with the following indicator types:
- Email Address
- FQDN
- IP Address
- URL
The action returns enriched system indicator and event object types.
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.