TIM - QRadar Add Domain Indicators

This playbook queries indicators based on a pre-defined query or results from a parent playbook, and adds the resulting indicators to a QRadar Reference Set. The Reference Set name must be defined in the playbook inputs.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • QRadar

Scripts

This playbook does not use any scripts.

Commands

  • qradar-update-reference-set-value
  • appendIndicatorField

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| QRadarBlackListDomainReferenceSetName | The name of the QRadar black list Domain reference set to insert the data into. | | Optional |
| Indicator Query | Indicators matching the indicator query will be used as playbook input. | | Optional |
| QRadarWhiteListDomainReferenceSetName | The name of the QRadar white list Domain reference set to insert the data into. | | Optional |
| QRadarWatchListDomainReferenceSetName | The name of the QRadar watch list Domain reference set to insert the data into. | | Optional |

Playbook Outputs


There are no outputs for this playbook.
