Security Intelligence Latest Courses:
This video demonstrates how to install QRadar Advisor with Watson and how to perform the initial setup.
The video covers the prerequisites you need for the app and all the settings that are relevant to the new configuration.
IBM Security QRadar Advisor with Watson (QRAW) can help drive significant improvements in your SOC operations. It can tap into accurate and comprehensive data to investigate any offense, asset, user, or user activity. It can substantially improve analysts' productivity, increase their effectiveness, and reduce the time and effort it takes to collect data and investigate offenses and users. However, integrating the information and insights from QRAW into well-established SOC processes might not be straightforward.
The intent of this document is to give guidance on how QRAW can help analysts. It provides specific examples of how to integrate the data, information, and insights into current SOC operations. It assumes that your QRadar environment is tuned and that QRAW is configured properly.
The following topics are covered in this document:
- Where QRAW fits in the Threat Management process
- Tier 1 analyst: Defines the typical role of a Tier 1 analyst and highlights specific ways that QRAW can assist them
- Tier 2 analyst: Defines the typical role of a Tier 2 analyst and highlights specific ways that QRAW can assist them
- Tier 3 analyst: Defines the typical role of a Tier 3 analyst and highlights specific ways that QRAW can assist them
- Other features in QRAW you can use to improve SOC operations
In this video series, Jose Bravo explains how to use the IBM Security QRadar Use Case Manager App to keep your QRadar deployment properly tuned. The series is divided into the following parts:
- Noisy offenses
- Rules with the most CRE events
- Network Hierarchy
- Building Blocks and Reference Sets
Drawing on real-world best-practice experience, Jose Bravo explains several approaches to tuning IBM Security QRadar User Behavior Analytics deployments, covering the following aspects:
- Importing users the right way
- Indexing properly
- What log sources to use
- Utilizing asset information
- Risk threshold and other app settings
- Enabling and tuning rules