TIM - QRadar Add IP Indicators

This playbook queries indicators based on a pre-defined query or results from a parent playbook, and adds the resulting indicators to a QRadar Reference Set. The Reference Set name must be defined in the playbook inputs.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • QRadar

Scripts

This playbook does not use any scripts.

Commands

  • qradar-update-reference-set-value
  • appendIndicatorField

Playbook Inputs


NameDescriptionDefault ValueRequired
QRadarBlackListIPReferenceSetNameThe name of the QRadar black list IP reference set to insert the data to.Optional
Indicator QueryIndicators matching the indicator query will be used as playbook inputOptional
QRadarWhiteListIPReferenceSetNameThe name of the QRadar white list IP reference set to insert the data in to.Optional
QRadarWatchListIPReferenceSetNameThe name of the QRadar watch list IP reference set to insert the data in to.Optional

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


Playbook Image