To use the watchlist actions in the Log Activity page in the Carbon Black Cloud app for QRadar, you must configure the watchlist action settings.

Prerequisites

Procedure

  1. Open the Carbon Black Cloud app in the QRadar console.
  2. Go to Settings > Actions.
  3. In the Watchlist Name field, enter the name of the watchlist in the Carbon Black Cloud console to receive the IOCs.
  4. In the Report Prefix field, enter a prefix to the watchlist report. This is the report in which IOCs are added from the app in the Carbon Black Cloud console.
  5. In the Report Severity dropdown list, select the severity to apply to the report created in the watchlist.

    Settings > Actions parameters for Watchlist actions

  6. Click Save.