Security Intelligence Latest
Security Intelligence Latest Courses:
The server discovery function uses the Asset Profile database to discover different server types that are based on port definitions. Then, you can select the servers to add to a server-type building block for rules.
The server discovery function is based on server-type building blocks. Ports are used to define the server type. Thus, the server-type building block works as a port-based filter when you search the Asset Profile database.
Using properly defined servers and host definition building blocks allows for improved QRadar tuning and helps avoid false positives.
In this video, you learn how to perform server discovery and manage host definition building blocks.
IBM QRadar uses the network hierarchy objects and groups to organize network activity and monitor groups or services in your network.
When you develop your network hierarchy, consider the most effective method for viewing network activity. The network hierarchy does not need to resemble the physical deployment of your network. QRadar supports any network hierarchy that can be defined by a range of IP addresses. You can base your network on many different variables, including geographical or business units.
In this course, you learn about the following Network Hierarchy fundamentals:
- Part 1 - Network Hierarchy Basics
- Part 2 - Structuring your Network Hierarchy
- Part 3 - Keeping the Network Hierarchy Updated
Insider threats account for 60 percent of cyber attacks, and they are incredibly difficult to detect. In fact, most cases go unnoticed for months or years. Regardless of whether the insider is a malicious employee or a contractor whose credentials have been compromised, security teams need the ability to quickly and accurately detect, investigate and respond to these potentially damaging attacks.
QRadar User Behavior Analytics (UBA) analyzes user activity to detect malicious insiders and determine if a user’s credentials have been compromised. Security analysts can see risky users, view their anomalous activities, and drill down into the underlying log and flow data that contributed to a user’s risk score. As an integrated component of the QRadar Security Intelligence Platform, UBA leverages out-of-the-box behavioral rules and machine learning (ML) models to add user context to network, log, vulnerability and threat data to more quickly and accurately detect attacks.