[KB8312] ESET Threat Intelligence with IBM QRadar

Issue

  • Add TAXII Feed in STIX/TAXII Configuration in the ESET Threat Intelligence with IBM QRadar portal 

Solution

  1. Open the IBM QRadar portal in your browser.

  2. Click Threat Intelligence.

    Figure 1-1

  3. Click STIX/TAXII Configuration.

    Figure 1-2

  4. Open the Add Threat Feed drop-down menu and select Add TAXII Feed.

    Figure 1-3

  1. In the Connection tab, fill the TAXII Feed connection parameters as follows:

    • TAXII Endpoint: https://eti.eset.com/taxiiservice/discovery
    • Authentication Method: HTTP Basic
    • Username: Your ESET Threat intelligence username
    • Password: Your ESET Threat intelligence password

    Figure 1-4

  2. Click the Parameters tab and select the desired ETI feed From the Collection drop-down menu.

    Figure 1-5

  3. Select your desired parameters for Observable Type, Polling Interval, Poll Initial Date, and Reference Set. When you are finished, click Add FeedNext

    Figure 1-6

  4. In the Summary tab, click Save.

    Figure 1-7

  5. The ETI feed will start polling based on the Polling Interval that was set in step 7. The ETI data will be available for use in Reference Set that was set in step 7.

    Figure 1-8
English
Last Updated: Nov 23, 2022

Additional resources

User Guides

ESET Forum

YouTube videos

Need further assistance?

Contact ESET Technical Support

More Information

Support News
Customer Advisories