Overview
The Flashpoint App for QRadar facilitates the delivery of Flashpoint technical intelligence and associated context specifically for QRadar users.
When consumed by a QRadar instance, Flashpoint Technical Indicators are added to QRadar reference sets and can be used in search, correlation, reporting, and visualization workflows in the same manner as other data, enhancing the user’s ability to uncover and monitor malicious activity within their environment, as well as add context to investigations.
The Flashpoint & IBM QRadar Advantage
This solution delivers an extensible threat intelligence platform which pulls insights and context from illicit online communities, as well as technical data, to provide defenders the prioritization, customization, and collaboration needed for increased security effectiveness and efficient threat operations and management.
Key Features
REAL-TIME AND HISTORICAL THREAT DETECTION
Based on rules, IOCs and pattern-matching to find known and emerging threats
SEAMLESS INSTALLATION
The integration can be installed directly from within the IBM Security App Exchange
REFERENCE SETS AND REFERENCE TABLES
The integration can be installed directly from within the IBM Security App Exchange
ACCESS BASIC RULES
IP, Domain, URL and Hash (MD5, SHA1 and SHA256) rules are included
VIEW FLASHPOINT CONTEXT
Summary pages for offenses that are generated by Flashpoint rules
VIEW FLASHPOINT FINISHED INTELLIGENCE
Available directly in the QRadar browser without having to log into the Flashpoint Intelligence Platform
Integrated Flashpoint Datasets
TECHNICAL DATA
Technical Indicators: Enable users access to indicators of compromise (IOCs) and technical data across Flashpoint datasets, including those found in Flashpoint Finished Intelligence reports, allowing for seamless integration into users’ workflows and automated tools.
INTELLIGENCE REPORTS
Finished Intelligence: Access to analytical reports produced by our intelligence analysts. Reports cover a wide spectrum of illicit underground activity, including crimeware, fraud, emerging malware, violent extremism, and physical threats.
Use Cases
INCIDENT RESPONSE (IR) & DETECTION
Organizations can leverage the Flashpoint App for QRadar to quickly query across Flashpoint technical data, expediting incident response investigations, as well as detecting illicit activity. This enables teams to enrich data collected during an investigation when response time is critical. On a daily basis, organizations collect large amounts of security event data, requiring significant resources to sift through, identify, and protect against a vast number of threat indicators. The Flashpoint App for QRadar enables security operations centers (SOCs) to quickly correlate high-fidelity IOCs curated by Flashpoint intelligence analysts with the client’s security event data to automatically filter through the noise and prioritize significant threats.
CYBER THREAT INTELLIGENCE (CTI)
CTI analysts are able to query against Flashpoint Technical Indicators to find data related to specific malware and threat actors. This allows analysts to generate alerts for new IOCs related to priority threat actors and groups. More specifically, it enables hunt teams to query Flashpoint technical data to identify and pivot off known threats to find additional indicators, as well as proactively uncover threats across the enterprise.
CTI teams can search malicious hashes, IPs, and domains to determine if any systems have communicated with known IOCs, as well as pivot directly to Flashpoint Finished Intelligence within QRadar to read associated Flashpoint analyses.
Installing the Flashpoint App for QRadar
The Flashpoint App for QRadar is available on —
exchange.xforce.ibmcloud.com/hub/extension/cc1c09107df16dbd2b09c1979c89f621
QRadar users download the App, deploy, and configure it using a Flashpoint API key.
For more information on the Flashpoint App for QRadar contact: