siriussecurity / dettectinator

Dettectinator - The Python library to your DeTT&CT YAML files.
GNU General Public License v3.0

Question: Have you ever dealt/Applied Dettectinator to QRadar? #9

Closed Hackcidental closed 1 year ago

Hackcidental commented 1 year ago

Hi,

Thank you for the good work with Dettectinator. The title pretty much sums it up. We're trying to implement Dettectinator with QRadar. I think that with the CSV import we can do something, but maybe you've faced this already in the past. Thank you!

mveken commented 1 year ago

Hi, No, we do not, and we don't have access to a QRadar instance to try things out. I briefly looked at the API specs and this looks like what you might want to use: https://www.ibm.com/docs/en/qsip/7.5?topic=apis-report-column-codes-report

Hope this helps, and otherwise, like you said, if you're able to create a CSV with rules and techniques you can always use that for the import.

Regards, Martijn
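The CSV route suggested above, as an added example that is not code from the Dettectinator project or from either participant: it takes a list of rule records in the shape QRadar's rules endpoint returns (the field names `name`, `identifier`, `enabled`, `notes`, and the sample records themselves, are constructed for this example), pulls ATT&CK technique IDs out of the rule name and notes with a regex, and writes one `technique,detection` row per pair. The column names are an assumption; check them against the Dettectinator CSV import documentation before feeding the file in. The HTTP fetch from QRadar is deliberately left out so the script runs offline.

```python
import csv
import io
import re

# ATT&CK technique IDs, with an optional sub-technique suffix (T1059, T1059.001).
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")

# Constructed sample records. The shape mimics a QRadar rules API response
# (assumption: name/identifier/enabled/notes fields); none of this is real data.
SAMPLE_RULES = [
    {"name": "Suspicious PowerShell Encoded Command [T1059.001]", "identifier": "rule-1",
     "enabled": True, "notes": "Detects -EncodedCommand usage"},
    {"name": "Credential Dumping via LSASS", "identifier": "rule-2",
     "enabled": True, "notes": "Mapped to T1003.001, T1003"},
    {"name": "Legacy rule without ATT&CK mapping", "identifier": "rule-3",
     "enabled": False, "notes": ""},
]


def extract_techniques(text: str) -> list[str]:
    """Return the technique IDs found in text, de-duplicated, in order of appearance."""
    found = []
    for match in TECHNIQUE_RE.findall(text or ""):
        if match not in found:
            found.append(match)
    return found


def build_rows(rules, include_disabled=False):
    """Build one CSV row per (technique, rule) pair.

    Disabled rules are skipped by default so the coverage picture reflects what is
    actually firing. Enabled rules with no technique ID are returned separately so
    the gap in tagging is visible rather than silently dropped.
    """
    rows, unmapped = [], []
    for rule in rules:
        if not include_disabled and not rule.get("enabled", False):
            continue
        techniques = extract_techniques(f"{rule.get('name', '')} {rule.get('notes', '')}")
        if not techniques:
            unmapped.append(rule["name"])
            continue
        for tech in techniques:
            rows.append({"technique": tech, "detection": rule["name"]})
    return rows, unmapped


def to_csv(rows) -> str:
    """Serialise rows to CSV text; column names are an assumption about the importer."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["technique", "detection"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    rows, unmapped = build_rows(SAMPLE_RULES, include_disabled=True)
    print(to_csv(rows))
    for name in unmapped:
        print(f"# no technique ID found in: {name}")
```

The regex only finds IDs that analysts have already written into the rule name or notes; rules without that convention end up in the `unmapped` list and still need a manual mapping before the resulting DeTT&CT coverage is meaningful.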

Hackcidental commented 1 year ago

Hi,

Thank you for the answer. I will look into the API you mention. Regards,

Matteo

mveken commented 1 year ago

Yes, let me know if you can get it to work. It's hard for me to create something without access to QRadar, but I'm always happy to help out if you run into any issues.