I am currently trying to integrate the TAXII Feed provided by Alienvault OTX into QRadar.
Now I have the problem that no IOCs are retrieved from the TAXII server.
The feed is shown in the list of taxii feeds in Qradar, bus just isn't polled in regular intervalls and nothing is being retrieved.
Has anyone had the same issue before? And how do you select which type of IOC you want to get (IPv4, domains, etc.), because how I see it, you can only select the default Alienvault Feed (still doesn't get me anything).
amiperl
commented
5 years ago
I am currently trying to integrate the TAXII Feed provided by Alienvault OTX into QRadar. Now I have the problem that no IOCs are retrieved from the TAXII server.
The setup is "working", I followed the instructions described in this link: https://otx.alienvault.com/api.
The feed is shown in the list of taxii feeds in Qradar, bus just isn't polled in regular intervalls and nothing is being retrieved.
Has anyone had the same issue before? And how do you select which type of IOC you want to get (IPv4, domains, etc.), because how I see it, you can only select the default Alienvault Feed (still doesn't get me anything).
Thanks