Security Intelligence Latest Courses (1):


In this lab, you learn how to configure and use the QRadar Advisor with Watson app in a QRadar offense investigation. You can download QRadar Advisor with Watson from the IBM Security App Exchange, but you must have a valid subscription to configure and run the app. In this lab, you can use the app without activating your paid subscription or enrolling in a 30-day free trial. You learn to use regular expressions to extract QRadar custom properties and to configure reference sets, rules, network hierarchy, and assets. The lab also walks you through the investigation process, and you learn how to interpret QRadar Advisor knowledge graphs.

The lab provides an overview of the Cyber Adversary Framework Mapping Application. This app is used to map your custom rules to MITRE ATT&CK tactics and override the IBM default rule mappings.

The QRadar Advisor with Watson app V2.0.0 automatically maps MITRE ATT&CK tactics to CRE rules. In the QRadar Advisor with Watson app, you can see the tactics that are identified for an offense investigation or a search, and they are also displayed in the offense details pane.