• Last Updated
    Aug 23, 2024
  • Version
    2.1.0
  • Compatibility
    ThreatQ v2.0.4+
  • ThreatQ App for IBM QRadar

    Overview

    The IBM QRadar for ThreatQ Integration Application is a bi-directional application that runs within a Docker container on the IBM QRadar SIEM.

    The application allows IBM QRadar to ingest ThreatQ indicators of compromise (IoCs) into reference sets, which IBM QRadar rules can then use to create offenses for matched IoCs.

    Additionally, this application provides several right-click actions to assist in the analysis of malicious and/or suspicious activity. Offenses that match the Offense Severity Threshold will be exported to ThreatQ.

    The application provides the following functionality:

    • It ingests ThreatQ's indicators of compromise (IoCs).
    • It exports IBM QRadar Offenses to ThreatQ as Events.
    • It parses IBM QRadar Events and adds the Offense Source as Indicators in ThreatQ.
    • It provides right-click actions that allow QRadar Analysts to interact with their ThreatQ instance from within the QRadar SIEM's user interface.

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.