The app is populating the reference sets in QRadar with the network assets IP's from Holm Security. The IP's have different severities, therefore different names of sets are labeled accordingly. By entering the API token and base URL. New set will be created in reference set management by the following names:
Holm_info_ip_assetsHolm_low_ip_assetsHolm_medium_ip_assetsHolm_high_ip_assetsHolm_critical_ip_assets
Prerequisites
This guide assumes that QRadar app is installed and running. In order to access our app, you will also need to download QRadar app editor and QRadar Pulse: https://exchange.xforce.ibmcloud.com/hub/extension/5d0f3f37cc5c4d16ccafe9d40d8dffe5 for more information.Installation
- Click Admin > Apps > QRadar app editor.
- Click Existing app.
- Upload our app from Github (by cloning or by uploading the zipped file) found here: https://github.com/holmsecurity/api-examples/tree/master/integrations/Qradar
- Click Install and wait a couple of minutes.
- Refresh the main dashboard page and then click Holm Security development.
- Click Action > Deploy > Live mode.
- Click Holm Security from the bar and start using the app.
- Upload JSON file
Holm Security_v0.62.jsonin to the QRadar Pulse app - Done!
0 Comments