How to integrate Kaspersky Threat Data Feeds with QRadar

Latest update: 7 June 2024 ID: 13854
 
 
 
 

Kaspersky offers two ways of integrating Kaspersky Threat Data Feeds with the QRadar Network Security Control Platform:

  • By using Kaspersky CyberTrace. For instructions, follow the steps below.
  • By using the import utility for QRadar. See the guide below.

Kaspersky CyberTrace

Kaspersky CyberTrace is a complex software platform that allows you to check URLs, file hashes, and IP addresses in events arriving in QRadar. The URLs, file hashes, and IP addresses are checked against Kaspersky Threat Data Feeds or feeds from other vendors and sources uploaded to Kaspersky CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event with information on necessary actions to take.

To configure the Kaspersky CyberTrace integration with QRadar:

  1. Download the installation file for Kaspersky CyberTrace from this article.
  2. Configure the integration using these instructions.

The import utility of Kaspersky Threat Data Feeds for QRadar

The import utility is designed to integrate Kaspersky Threat Intelligence data feeds with the QRadar platform and to import indicators from the feeds into QRadar reference data sets. The utility also identifies the risks and implications connected with information security breaches and defends against cyberattacks before they occur.
The import utility for QRadar is a Python application; it does not contain binary files.

After importing indicators, you will be able to check incoming QRadar events against them. The Custom Rules Engine (CRE) module of QRadar can check whether incoming events contain the records stored in reference data sets and respond depending on your settings.
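The sketch below is an added example, not Kaspersky's import utility or code from this article. It shows the kind of preparation an import into reference data sets involves: validating and de-duplicating indicators per type, then building one request per set for QRadar's `/api/reference_data/sets/bulk_load/{name}` REST endpoint without sending it. The reference set names, the console host name and the record field names are assumptions.

```python
import ipaddress
import json
import re
from urllib.parse import quote

# Hex digest lengths of MD5, SHA-1 and SHA-256.
HASH_RE = re.compile(r"(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})")
# Hypothetical reference set names (assumption, not from the article).
SETS = {"ip": "Example_TI_IP", "hash": "Example_TI_Hash", "url": "Example_TI_URL"}


def normalize(kind, value):
    """Return the canonical form of an indicator, or None if it is malformed."""
    value = value.strip()
    if kind == "ip":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    if kind == "hash":
        value = value.lower()
        return value if HASH_RE.fullmatch(value) else None
    if kind == "url":
        # Whitespace or control characters would corrupt the set entry.
        return value if value and not re.search(r"[\s\x00-\x1f]", value) else None
    return None  # unknown indicator type


def build_bulk_loads(records, console="qradar.example.invalid"):
    """Group valid, de-duplicated indicators per set and build one request each."""
    grouped, rejected = {}, []
    for rec in records:
        clean = normalize(rec.get("type"), str(rec.get("value", "")))
        if clean is None:
            rejected.append(rec)  # keep rejects for review instead of importing them
        else:
            grouped.setdefault(SETS[rec["type"]], set()).add(clean)
    base = f"https://{console}/api/reference_data/sets/bulk_load/"
    requests = [{"method": "POST", "url": base + quote(name), "body": json.dumps(sorted(vals))}
                for name, vals in sorted(grouped.items())]
    return requests, rejected


# Constructed sample records; the field names are assumptions, not a real feed format.
SAMPLE = [
    {"type": "ip", "value": "192.0.2.10"}, {"type": "ip", "value": "192.0.2.10 "},
    {"type": "ip", "value": "999.1.1.1"}, {"type": "domain", "value": "example.test"},
    {"type": "hash", "value": "D41D8CD98F00B204E9800998ECF8427E"}, {"type": "url", "value": "example.test/path"},
]
```

Rejected records are returned rather than silently dropped, so a malformed feed entry can be investigated before it causes missed or false matches in CRE rules.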

You can get the import utility of Kaspersky Data Feeds for QRadar by sending a request to intelligence@kaspersky.com.

 
 
 
 
 