Qradar: IOCs Detection Script is a Python script that searches your QRadar event logs for a list of IOCs through QRadar's REST API, so you can check whether indicators from a threat report have already appeared in your environment.
The Script can deal with the following types of IOCs:
- MD5
- SHA1
- SHA256
- URL
- Domain
- IP Address
- Email Sender
- Sender Domain
The project is written in Python (3.6 or higher) and uses the following modules. base64, json, getpass, csv and re ship with Python, so only requests and pandas need to be installed:
- base64.
- json.
- requests.
- getpass.
- csv.
- re.
- pandas.
To run this project, install the required libraries first (`pip install requests pandas`), then configure the Python script as follows:
- Update the host variable with the IP address or hostname of your QRadar console.
- Set the search_period variable to the time range you want. It is inserted verbatim into the AQL search query, so follow QRadar's AQL documentation for the time clause syntax or the search will break.
- Adjust each search query to the corresponding field name in your environment; custom event property names differ between deployments.
- Then run the script with the following command:
$ python qradar_iocs.py
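The steps above (host, search period, field names, run) are illustrated by the added example below. It is not the project's own code: it classifies each IOC into the types the script supports, builds one AQL query per IOC against placeholder field names, and submits it to QRadar's documented Ariel search endpoints (POST /api/ariel/searches, then polling /api/ariel/searches/{id} and fetching /results). The host, the field names in FIELD_MAP, the SELECT columns, and the assumption that a single quote inside an AQL string literal is escaped by doubling it are all assumptions to adjust for your environment; the sample IOC list is constructed. Only the network functions need the requests library, so the classification and query-building parts run offline.

```python
"""Added example (not part of the original project): IOC classification and
QRadar Ariel (AQL) search submission for each IOC type the script supports."""
import base64
import getpass
import re
import time
from typing import Dict, List, Optional

# Hypothetical settings (placeholders, not from the original script).
HOST = "qradar.example.com"     # QRadar console IP address or hostname
SEARCH_PERIOD = "LAST 7 DAYS"   # AQL time clause, appended verbatim to every query
VERIFY_TLS = True               # or a CA bundle path for a self-signed console cert
POLL_SECONDS = 2

# Event fields searched per IOC type. Custom event properties are double-quoted
# in AQL; these names are placeholders, adjust each one to your environment.
FIELD_MAP: Dict[str, List[str]] = {
    "MD5": ['"File Hash"'],
    "SHA1": ['"File Hash"'],
    "SHA256": ['"File Hash"'],
    "URL": ['"URL"'],
    "Domain": ['"URL"', '"Hostname"'],
    "IP Address": ["sourceip", "destinationip"],
    "Email Sender": ['"Sender"'],
    "Sender Domain": ['"Sender"'],
}

_HEX = r"^[0-9a-fA-F]{%d}$"
_IPV4 = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}"
                   r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$")
_DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+"
                     r"[a-zA-Z]{2,63}$")
_EMAIL = re.compile(r"^[^@\s]+@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,63}$")


def classify_ioc(ioc: str) -> Optional[str]:
    """Return the IOC type name used in the README, or None if unrecognised.
    "Sender Domain" is syntactically a domain, so callers pass that type explicitly."""
    value = ioc.strip()
    for name, length in (("MD5", 32), ("SHA1", 40), ("SHA256", 64)):
        if re.match(_HEX % length, value):
            return name
    if re.match(r"^https?://", value, re.IGNORECASE):
        return "URL"
    if _EMAIL.match(value):
        return "Email Sender"
    if _IPV4.match(value):
        return "IP Address"
    if _DOMAIN.match(value):
        return "Domain"
    return None


def aql_literal(value: str) -> str:
    """Quote a value as an AQL string literal, doubling embedded single quotes
    (assumed AQL escaping) so a crafted IOC cannot break out of the literal."""
    return "'" + value.replace("'", "''") + "'"


def build_query(ioc: str, ioc_type: Optional[str] = None) -> str:
    """Build the AQL query for one IOC. Hashes are compared exactly; URLs and
    domains are substring-matched, so a '%' inside such an IOC widens the match."""
    ioc_type = ioc_type or classify_ioc(ioc)
    if ioc_type not in FIELD_MAP:
        raise ValueError(f"unsupported or unrecognised IOC: {ioc!r}")
    value = ioc.strip().lower() if ioc_type in ("MD5", "SHA1", "SHA256") else ioc.strip()
    clauses = []
    for field in FIELD_MAP[ioc_type]:
        if ioc_type in ("URL", "Domain", "Sender Domain"):
            clauses.append(f"{field} ILIKE {aql_literal('%' + value + '%')}")
        else:
            clauses.append(f"{field} = {aql_literal(value)}")
    return ("SELECT starttime, sourceip, destinationip, username, logsourceid "
            f"FROM events WHERE {' OR '.join(clauses)} {SEARCH_PERIOD}")


def make_session(username: str, password: str):
    """HTTP session with basic auth (a SEC token header is the alternative)."""
    import requests  # only the network functions need it
    session = requests.Session()
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    session.headers.update({"Authorization": f"Basic {token}", "Accept": "application/json"})
    session.verify = VERIFY_TLS
    return session


def run_search(aql: str, session) -> List[dict]:
    """Create an Ariel search, poll it to completion and return the event rows."""
    base = f"https://{HOST}/api/ariel/searches"
    created = session.post(base, params={"query_expression": aql}, timeout=30)
    created.raise_for_status()
    search_id = created.json()["search_id"]
    while True:
        status = session.get(f"{base}/{search_id}", timeout=30)
        status.raise_for_status()
        state = status.json()["status"]
        if state == "COMPLETED":
            break
        if state in ("CANCELED", "ERROR"):
            raise RuntimeError(f"search {search_id} ended in state {state}")
        time.sleep(POLL_SECONDS)
    results = session.get(f"{base}/{search_id}/results", timeout=30)
    results.raise_for_status()
    return results.json().get("events", [])


if __name__ == "__main__":
    # Constructed sample IOCs; the real script reads its list from a CSV.
    sample = ["d41d8cd98f00b204e9800998ecf8427e", "10.0.0.5",
              "https://evil.example/payload", "attacker@evil.example"]
    session = make_session(input("Username: "), getpass.getpass("Password: "))
    for ioc in sample:
        print(f"{ioc}: {len(run_search(build_query(ioc), session))} matching events")
```

Each IOC is inserted only as a quoted AQL literal, and hashes are lowercased before comparison; if your "File Hash" property stores uppercase values, wrap the field in LOWER() in the query or normalise the property instead.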
Tested with a set of IOCs:
C:\Users\<current user>\Desktop> python qradar_iocs.py
Welcome to
__ __ __ __ __ __ __ __ ___ ___ ___ __ ___ __
/ \ |__) /\ | \ /\ |__) . | / \ / ` /__` | \ |__ | |__ / ` | | / \ |\ |
\__X | \ /~~\ |__/ /~~\ | \ . | \__/ \__, .__/ |__/ |___ | |___ \__, | | \__/ | \|
Version: 1.0
By: Mohab El-Banna
Github: Mouhab-dev
Password: