intelligence-center-app-qradar
Category: Embedded / Microcontroller / Hardware programming
Development tool: JavaScript
File size: 35465KB
Downloads: 0
Upload date: 2023-01-31 11:17:00
Uploader: sh-1993
Description: The official EclecticIQ Intelligence Center QRadar App
File list (size in bytes, date):
LICENSE (1067, 2023-07-26)
build (0, 2023-07-26)
build\eclecticiq_2_2_1.zip (17261148, 2023-07-26)
docs (0, 2023-07-26)
docs\Qradar-doc-md (0, 2023-07-26)
docs\Qradar-doc-md\USER-MANUAL.md (16250, 2023-07-26)
docs\Qradar-doc-md\assets (0, 2023-07-26)
docs\Qradar-doc-md\assets\dashboard.png (75897, 2023-07-26)
docs\Qradar-doc-md\assets\install-qradar-select-management.png (131420, 2023-07-26)
docs\Qradar-doc-md\assets\install-qradar-success.png (57666, 2023-07-26)
docs\Qradar-doc-md\assets\install-qradar-the-application.png (83625, 2023-07-26)
docs\Qradar-doc-md\assets\sighting-1.png (239621, 2023-07-26)
docs\Qradar-doc-md\assets\sighting-2.png (134234, 2023-07-26)
docs\Qradar-doc-md\assets\sighting-3.png (71722, 2023-07-26)
docs\Qradar-doc-md\assets\sighting-4.png (118709, 2023-07-26)
docs\USER-MANUAL.pdf (937218, 2023-07-26)
sourcecode (0, 2023-07-26)
sourcecode\app (0, 2023-07-26)
sourcecode\app\__init__.py (2496, 2023-07-26)
sourcecode\app\apilib (0, 2023-07-26)
sourcecode\app\apilib\__init__.py (0, 2023-07-26)
sourcecode\app\apilib\eiq_api.py (56300, 2023-07-26)
sourcecode\app\apilib\eiq_sighting.py (11635, 2023-07-26)
sourcecode\app\apilib\ibm_api.py (21294, 2023-07-26)
sourcecode\app\checkpoint_store.py (2109, 2023-07-26)
sourcecode\app\cipher.py (1299, 2023-07-26)
sourcecode\app\collector (0, 2023-07-26)
sourcecode\app\collector\__init__.py (17, 2023-07-26)
sourcecode\app\collector\eiq_data.py (45265, 2023-07-26)
sourcecode\app\collector\request.py (3322, 2023-07-26)
sourcecode\app\configs (0, 2023-07-26)
sourcecode\app\configs\__init__.py (15, 2023-07-26)
sourcecode\app\configs\checkpoint_store.py (126, 2023-07-26)
sourcecode\app\configs\datastore.py (151, 2023-07-26)
sourcecode\app\configs\db.py (292, 2023-07-26)
sourcecode\app\configs\eiq_api.py (446, 2023-07-26)
sourcecode\app\configs\logs.py (361, 2023-07-26)
... ...
# EclecticIQ Intelligence Center QRadar App
## App Features
* The EclecticIQ app for QRadar collects observable data from the EclecticIQ Intelligence Center and stores it in QRadar reference tables.
* Users can create a sighting by right-clicking an event in the Log Activity or Offenses tab of QRadar.
* Users can attach a custom action that creates a sighting; the action can be attached while creating custom rules in QRadar.
* Users can look up observables by right-clicking an event in the Log Activity or Offenses tab of QRadar.
* The dashboard provides the following three widgets:
  * Sightings by time (histogram)
  * Sightings by confidence (bar chart)
  * Sightings by type count (bar chart)
## EclecticIQ Overview
* EclecticIQ Intelligence Center is a threat intelligence platform that unites machine-powered threat data processing and dissemination with human-led analysis, without compromising analyst control, freedom or flexibility.
* It consolidates vast amounts of internal and external, structured and unstructured threat data in diverse formats from open sources, commercial suppliers and industry partnerships, turning that data into a collaborative, contextual intelligence source of truth.
* Its data processing pipeline ingests, normalizes, transforms and enriches the incoming threat data into a rich, flexible data structure, then optimizes and prioritizes it to help identify the most critical threats more rapidly.
* For flexibility, EclecticIQ Intelligence Center disseminates intelligence as reports for stakeholders or as machine-readable feeds that integrate with third-party controls to improve detection, hunting and response.
* It offers cloud-like scalability and cost-effectiveness within your trusted environment.
## Installation
### Create a build file
1. Select the `app` and `container` directories and the `manifest.json` file.
2. Zip them together into a file named after a 4-digit number, e.g. `1952.zip`.
3. Open the `extension.xml` file.
4. In the `application_zip` XML element, change the value of the `filedata` tag to match the zip file, e.g.
```xml
extension/1952.zip
```
5. Change the value of the `id` tag in `application_zip` to match the zip file, e.g.
```xml
/store/qapp/1952/1952.zip
```
6. Create a directory whose name matches the directory part of the `filedata` value, e.g. `extension`.
7. Copy the zip file from step 2 into this directory.
8. Select the directory created in step 6, the `extension.xml` file and the `manifest.txt` file (the extension-level manifest, a different file from the app's `manifest.json` in step 1).
9. Create a new zip file whose name matches the directory created in step 6, e.g. `extension.zip`.
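The nine steps above, carried out in code so the two zip layers and the two rewritten tags can be checked mechanically. This is an added example, not the project's own build tooling. It assumes only what the README states about `extension.xml` (an `application_zip` element holding `filedata` and `id` tags) and leaves every other element of that file untouched; the source tree and the minimal `extension.xml` that `make_sample_source()` writes are constructed placeholders, not the real app files.

```python
"""Build a QRadar app extension package following the README's nine steps.
Added example, not the project's own tooling.  Assumption: extension.xml has an
<application_zip> element with <filedata> and <id> children, as the README says.
"""
import os
import shutil
import tempfile
import xml.etree.ElementTree as ET
import zipfile


def zip_members(zip_path, root, members):
    """Zip files/directories under root into zip_path, storing paths relative
    to root (so 'app/__init__.py', never an absolute path)."""
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for member in members:
            full = os.path.join(root, member)
            if os.path.isdir(full):
                for dirpath, _, filenames in os.walk(full):
                    for fn in filenames:
                        path = os.path.join(dirpath, fn)
                        zf.write(path, os.path.relpath(path, root))
            else:
                zf.write(full, member)


def build_extension(src, out, app_id):
    """Steps 1-9 of the README; returns the path of the extension zip."""
    if not (app_id.isdigit() and len(app_id) == 4):
        raise ValueError("app id must be a 4-digit number, e.g. '1952'")
    os.makedirs(out, exist_ok=True)

    # Steps 1-2: zip app/, container/ and manifest.json into <app_id>.zip
    app_zip = os.path.join(out, f"{app_id}.zip")
    zip_members(app_zip, src, ["app", "container", "manifest.json"])

    # Steps 3-5: point application_zip/filedata and application_zip/id at it
    tree = ET.parse(os.path.join(src, "extension.xml"))
    node = tree.getroot().find(".//application_zip")
    if node is None or node.find("filedata") is None or node.find("id") is None:
        raise ValueError("extension.xml lacks application_zip/filedata or /id")
    filedata = f"extension/{app_id}.zip"
    node.find("filedata").text = filedata
    node.find("id").text = f"/store/qapp/{app_id}/{app_id}.zip"
    tree.write(os.path.join(out, "extension.xml"),
               encoding="utf-8", xml_declaration=True)

    # Steps 6-7: directory named after the filedata prefix, holding the app zip
    ext_dir = filedata.split("/")[0]
    os.makedirs(os.path.join(out, ext_dir), exist_ok=True)
    shutil.copy(app_zip, os.path.join(out, ext_dir))
    shutil.copy(os.path.join(src, "manifest.txt"), out)

    # Steps 8-9: zip that directory with extension.xml and manifest.txt
    ext_zip = os.path.join(out, f"{ext_dir}.zip")
    zip_members(ext_zip, out, [ext_dir, "extension.xml", "manifest.txt"])
    return ext_zip


# Constructed placeholder (assumption): only the two tags the README names.
SAMPLE_EXTENSION_XML = """<?xml version="1.0" encoding="UTF-8"?>
<content>
  <application_zip>
    <filedata>extension/0000.zip</filedata>
    <id>/store/qapp/0000/0000.zip</id>
  </application_zip>
</content>
"""


def make_sample_source(src):
    """Constructed stand-in for the checkout: placeholder files only."""
    files = {
        "app/__init__.py": "# placeholder app package\n",
        "container/run.sh": "#!/bin/sh\n",
        "manifest.json": '{"name": "placeholder"}\n',
        "manifest.txt": "placeholder extension manifest\n",
        "extension.xml": SAMPLE_EXTENSION_XML,
    }
    for rel, text in files.items():
        path = os.path.join(src, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)


def inspect_package(ext_zip):
    """Read the package back: outer members, rewritten tags, inner app files."""
    with zipfile.ZipFile(ext_zip) as zf:
        names = sorted(zf.namelist())
        node = ET.fromstring(zf.read("extension.xml")).find(".//application_zip")
        inner_name = node.find("filedata").text
        with zf.open(inner_name) as inner:  # nested zip read in place
            app_names = sorted(zipfile.ZipFile(inner).namelist())
    return {"names": names, "filedata": inner_name,
            "id": node.find("id").text, "app_names": app_names}


def demo(app_id="1952"):
    """Build from the constructed tree in a temp dir and return the inspection."""
    work = tempfile.mkdtemp()
    try:
        src = os.path.join(work, "src")
        make_sample_source(src)
        return inspect_package(build_extension(src, os.path.join(work, "out"), app_id))
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())
```

Run it against a real checkout by calling `build_extension("<checkout>", "<output dir>", "1952")`; `inspect_package()` is the check worth keeping, since a `filedata` value that does not match the directory name from step 6 yields a package with no app zip at the path the XML promises.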