An official EclecticIQ app that integrates threat intelligence observables into IBM QRadar for enhanced threat hunting and incident response.
The official EclecticIQ Intelligence Center QRadar App
This tool is used by security analysts and SOC teams to enrich QRadar SIEM with threat intelligence data from EclecticIQ Intelligence Center, enabling more effective threat hunting and automated incident investigation. It allows users to create sightings and perform observable lookups directly within QRadar, improving situational awareness and response times.
This app requires an IBM QRadar environment for deployment and operation. Users should ensure version compatibility between EclecticIQ Intelligence Center and QRadar. The installation involves manual packaging and XML configuration updates, so careful attention to file naming and paths is essential to avoid deployment errors.
Select the app directory, the container directory, and the manifest.json file
Zip these directories and files together into a file named with a 4-digit number, e.g. 1952.zip
Open the extension.xml file
Update the <filedata> tag inside the application_zip element so that it matches the zip file name, e.g. <filedata>extension/1952.zip</filedata>
Update the <id> tag inside the application_zip element so that it matches the zip file path, e.g. <id>/store/qapp/1952/1952.zip</id>
Create a directory named after the directory part of the filedata tag value, e.g. extension
Copy the zipped file into this directory
Select the created directory, the extension.xml file, and the manifest.txt file
Create a new zip file named after the directory, e.g. extension.zip
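The packaging steps above as one script, added here as an example and not part of the EclecticIQ project's tooling: it zips the app and container directories with manifest.json under a four-digit name, rewrites the <filedata> and <id> tags so they agree with that name, and builds extension.zip. It assumes extension.xml contains an <application_zip> element with <filedata> and <id> children; demo() runs the whole flow against a constructed sample tree in a temporary directory.

```python
import tempfile
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

APP_PARTS = ("app", "container", "manifest.json")              # go into <app_id>.zip
BUNDLE_PARTS = ("extension", "extension.xml", "manifest.txt")  # go into extension.zip
SAMPLE_XML = "<extension><application_zip><filedata>x</filedata><id>x</id></application_zip></extension>"  # constructed

def _add_to_zip(zf, root, rel):
    """Add one file, or every file under a directory, keeping paths relative to root."""
    full = root / rel
    if not full.exists():                      # a wrong name or path would otherwise be skipped silently
        raise FileNotFoundError(f"required path missing: {rel}")
    for path in ([full] if full.is_file() else (p for p in full.rglob("*") if p.is_file())):
        zf.write(path, str(path.relative_to(root)))

def build_extension(src, app_id):
    """Run the packaging steps in place inside src; return the tag values written."""
    src = Path(src)
    if not (len(app_id) == 4 and app_id.isdecimal()):
        raise ValueError("app_id must be exactly four digits, e.g. 1952")
    filedata, zip_id = f"extension/{app_id}.zip", f"/store/qapp/{app_id}/{app_id}.zip"
    (src / "extension").mkdir(exist_ok=True)   # directory named after the <filedata> prefix
    with zipfile.ZipFile(src / filedata, "w", zipfile.ZIP_DEFLATED) as zf:
        for part in APP_PARTS:
            _add_to_zip(zf, src, part)
    tree = ET.parse(src / "extension.xml")     # assumed layout: <application_zip> with <filedata>, <id>
    node = tree.getroot().find(".//application_zip")
    if node is None or node.find("filedata") is None or node.find("id") is None:
        raise ValueError("extension.xml lacks <application_zip> with <filedata> and <id>")
    node.find("filedata").text, node.find("id").text = filedata, zip_id  # both must match the zip
    tree.write(src / "extension.xml", encoding="utf-8", xml_declaration=True)
    with zipfile.ZipFile(src / "extension.zip", "w", zipfile.ZIP_DEFLATED) as zf:
        for part in BUNDLE_PARTS:
            _add_to_zip(zf, src, part)
    return {"filedata": filedata, "id": zip_id}

def demo(app_id="1952"):
    """Build from a constructed sample tree in a temp dir; return tags plus the bundle listing."""
    src = Path(tempfile.mkdtemp())
    for rel, body in {"app/app.py": "print('app')", "container/Dockerfile": "FROM scratch",
                      "manifest.json": "{}", "manifest.txt": "", "extension.xml": SAMPLE_XML}.items():
        (src / rel).parent.mkdir(parents=True, exist_ok=True)
        (src / rel).write_text(body)
    tags = build_extension(src, app_id)
    with zipfile.ZipFile(src / "extension.zip") as zf:
        tags["bundle"] = sorted(zf.namelist())
    return tags
```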