Which two (2) open standards does the QRadar Threat Intelligence app use for feeds?

A. TAXII
B. AQL
C. STIX
D. JSON
E. OSINT

Answer: A, C

Explanation:

The QRadar Threat Intelligence app uses open standards to integrate and utilize threat intelligence feeds effectively.

The two key standards used are:

TAXII (Trusted Automated eXchange of Indicator Information): This is an application layer protocol used for exchanging cyber threat intelligence over HTTPS. It enables the sharing of threat information across different systems and organizations.

STIX (Structured Threat Information eXpression): This is a standardized language used for representing structured cyber threat information. STIX enables the consistent and machine-readable representation of threat data, facilitating the integration and analysis of threat intelligence.

These standards ensure that threat intelligence data is formatted and exchanged in a consistent and interoperable manner, enhancing the overall effectiveness of the threat intelligence processes in QRadar.

Reference

The IBM QRadar SIEM documentation and threat intelligence app configuration guides describe the use of TAXII and STIX for integrating threat intelligence feeds.
