Overview
Recorded Future for QRadar enables:
- Advanced enrichment of IP indicators with Risk Score and associated Evidence from Recorded Future collected and analysed data directly in IBM QRadar product. Feature available when hovering with the mouse cursor over any field containing an IP value.
- Lookup functionality available for IPs, via right-click menu, for additional context by pivoting to Recorded Future corresponding IP Intelligence Card and enabling access to all references ever collected around the indicator.
- Lookup functionality for IPs, domains, hashes, and vulnerabilities via a dedicated Recorded Future tab within QRadar, providing in-app information about risk scores and risk evidence for any indicator.
- Delivery of malicious or potentially malicious IPs lists (created based on custom Threshold, Risk Bandwidths or associated rules/evidences) consumed in IBM QRadar as Reference Sets which can be used for searches and correlations.
Recorded Future for IBM QRadar, enables faster detection of threats, better offenses triage, more granular correlation logic based on risk score or evidences, minimization of time for offenses and alerts investigation by adding relevant and comprehensive context.
To see this integration with Recorded Future data, please click here, which opens in Recorded Future University.
System requirements
- IBM QRadar versions
- Supported: QRadar 7.3.3 Patch 6 +, QRadar 7.4.1 Patch 2 +, QRadar 7.4.2 +, QRadar 7.5.0
- Unsupported: QRadar 7.4.0
- Recorded Future account for accessing content when pivoting outside IBM QRadar to the Recorded Future platform.
- Recorded Future API Token
- If you are upgrading from Recorded Future for QRadar v2.x to Recorded Future for QRadar v3.x.x, you will need a new Recorded Future API token. To get a token for Recorded Future for QRadar token, please fill out the following Recorded Future support form requesting a new integration API token for Splunk SOAR.
The Recorded Future for QRadar integration is available on the IBM App Exchange