In this lab, you learn how to configure and use the QRadar Advisor with Watson app in a QRadar offense investigation.

You learn to use regular expressions to extract QRadar custom properties and configure reference sets, rules, network hierarchy, and assets. The lab also walks you through the investigation process and you learn how to interpret QRadar Advisor knowledge graphs.

The lab provides an overview of the Cyber Adversary Framework Mapping Application. This app is used to map your custom rules to MITRE ATT&CK tactics and override the IBM default rule mappings.

Objectives

• Learn about QRadar configuration changes and updates necessary for a successful QRadar Advisor with Watson investigation

• Extract custom properties from various log sources

• Update relevant reference sets

• Create QRadar rules

• Enable X-Force threat intelligence feed

• Update network hierarchy and critical assets

• Configure QRadar SIEM and QRadar Advisor to show files that were executed or that were blocked on the systems that are monitored by QRadar SIEM
  

• Update the QRadar Advisor configuration to use proper custom mappings

• Learn how to run investigations and interpret the QRadar Advisor knowledge graph

• Configure and use the Cyber Adversary Framework Mapping Application
  

This course explains how to use the QRadar SIEM Tuning Report, which lists the rules that are being matched most frequently over a specific time period.

Managing the configuration of false positives can help minimize the impact on legitimate threats and vulnerabilities in QRadar. 

In this course, we demonstrate how you can tune false positive events and flows to prevent them from creating offenses in QRadar.

This video is intended for administrators who update and maintain their QRadar deployment.  The goal is to provide details for having a smooth QRadar upgrade by discussing various upgrade pre-checks, upgrade methods, and offer tips and tricks to help you have a quick and trouble free upgrade.

Using a particular use case, this video demonstrates how to take advantage of reference data collections in QRadar SIEM.

With the QRadar Experience Center App, you run a scenario that simulates an attack triggered by a spam email that allows the launch of a command shell, which helps a suspicious OS to log into an Amazon Web Services (AWS) environment and starts creating multiple instances on this cloud environment. It ends with the downloaded backup data from an S3 bucket.. 

In this video, you learn how to investigate this type of situation by using the provided sample data in QRadar SIEM.