QRadar Advisor with Watson
What's new in QRadar Advisor with Watson V2

QRadar Advisor with Watson helps you automate your repetitive SOC tasks while gaining actionable insights into critical incidents faster and to adopt a quicker and more decisive escalation process. 

Version 2 allows you to align incidents with the MITRE ATT&CK chain and utilize cross-investigation analytics. Through analysis of the local environment, QRadar Advisor V2 recommends, which new investigations should be escalated to assist an analyst with driving quicker and more decisive escalations.

56m      Foundational
Strengthening Security with Cognitive Analytics

Artificial intelligence (AI) is changing the future of cybersecurity. Security professionals need to mine not only structured information but also unstructured data, including human-generated content. Artificial intelligence enables IT teams to reason, learn and provide a context in real time beyond simple analytics patterns.

Armed with this collective insight, security analysts can respond to threats with increased speed, accuracy and confidence.

Mark Brosnan, Mary O’Brien, Anthony O’Callaghan and Ronan Murphy discuss how to stay ahead of the game in today’s rapidly evolving landscape.

This Panel Discussion about "Strengthening Security With Cognitive Analytics And Intelligent Integration" has been recorded at the Zero Day Con 2017, and it is reproduced here with the permission of ZDC, February 2018.

Ja
22m      Foundational
QRadar Advisor with Watson - Technical deep dive

In this four-part course you learn the fundamental details of QRadar Advisor with Watson.

The first video provides background information about cognitive computing and Artificial Intelligence (AI), and how QRadar Advisor with Watson fits into that space. Then the video explains how IBM Watson is used in cyber security and, specifically, in QRadar.

The second video explains typical responsibilities of the security analyst job role. Then, it explains how those security analysts can use QRadar Advisor with Watson to assist them in their threat analysis and investigation.

The third video describes standard terminology and the individual components of QRadar Advisor with Watson, and how they can be utilized.

Finally, a real-world use case demonstration of a user related investigation shows how QRadar Advisor with Watson is being used to shorten the investigation and response times when it really matters.

Ja
50m      Foundational
QRadar Advisor with Watson - Investigation and Analysis

In this four-part video, we explain how QRadar Advisor with Watson can empower Security Analysts by reducing critical time for investigations and at the same time enriching the findings using the information discovered by Watson.

The first video describes three different investigation methods using QRadar Advisor:

  • Manual
  • Automatic
  • Re-Investigation.
The second video covers the Watson tab in the QRadar console by exploring the three analytical stages that can be used with QRadar Advisor with Watson:
  • Local
  • Watson Insights
  • Expanded Local Context
The third video demonstrates how to use the Watson knowledge graph, and shows details related to malware execution and blocking. The video also explains the export feature and covers the STIX standard.

Finally, a real-world use case demonstration of a user related investigation shows how QRadar Advisor with Watson is being used to shorten the investigation and response times when it really matters.

Ja
45m      Foundational
Optimizing QRadar Advisor with Watson - Open Mic

This video provides a replay of the IBM QRadar Open Mic: "Optimizing QRadar Advisor with Watson" that was hosted on 08 June 2017. The following topics are addressed in this one-hour video:

  • Intro
  • Announcements
  • QRadar tuning review
  • QRadar Advisor with Watson pre-requisites
  • QRadar Advisor with Watson best practices
  • User Interface
  • Getting help

Ja
1h       Intermediate
Installing QRadar Advisor with Watson

This video demonstrates how to install QRadar Advisor with Watson and how to perform the initial setup. The video covers the prerequisites needed for the app and all settings relevant to the new configuration.

En Ja
15m      Intermediate
Investigating offenses by using QRadar Advisor with Watson version 2.x - Virtual lab

In this lab, you learn how to configure and use the QRadar Advisor with Watson app in a QRadar offense investigation.

You learn to use regular expressions to extract QRadar custom properties and configure reference sets, rules, network hierarchy, and assets. The lab also walks you through the investigation process and you learn how to interpret QRadar Advisor knowledge graphs.

The lab provides an overview of the Cyber Adversary Framework Mapping Application. This app is used to map your custom rules to MITRE ATT&CK tactics and override the IBM default rule mappings.

The QRadar Advisor with Watson app V2.0.0 automatically maps MITRE ATT&CK tactics to CRE rules. In the QRadar Advisor with Watson app, you can see the tactics that are identified for an offense investigation. They are displayed in the offense details pane.

Objectives

  • Learn about QRadar configuration changes and updates necessary for a successful QRadar Advisor with Watson investigation

    • Extract custom properties from various log sources

    • Update relevant reference sets

    • Create QRadar rules

    • Enable X-Force threat intelligence feed

    • Update network hierarchy and critical assets

    • Configure QRadar SIEM and QRadar Advisor to show files that were executed or that were blocked on the systems that are monitored by QRadar SIEM

  • Update the QRadar Advisor configuration to use proper custom mappings

  • Learn how to run investigations and interpret the QRadar Advisor knowledge graph

  • Configure and use the Cyber Adversary Framework Mapping Application




2h       Intermediate
Click roadmap title to expand/collapse roadmap

Getting Started with QRadar Advisor with Watson

This roadmap outlines fundamental courses intended for someone who works with IBM QRadar Advisor with Watson. These courses introduce you to cognitive analytics and the QRadar Advisor architecture and deployment models and help you to deploy QRadar Advisor into your overall QRadar environment.


Overview

Review the following courses to learn about QRadar Advisor concepts and architecture and how to use the cognitive analytics capabilities for your threat investigations.
Strengthening Security with Cognitive Analytics
Foundational
QRadar Advisor with Watson - Technical deep dive
Foundational
What's new in QRadar Advisor with Watson V2
Foundational

Setup

Study the following courses to become familiar with the QRadar Advisor installation and how to configure and optimize the application for your deployment.
Installing QRadar Advisor with Watson
Intermediate
Optimizing QRadar Advisor with Watson - Open Mic
Intermediate

Investigation

In the following courses, you learn about various use cases and how QRadar Advisor can empower Security Analysts by reducing the time for investigations, and how it enriches the findings by using information discovered by Watson.
QRadar Advisor with Watson - Investigation and Analysis
Foundational
Investigating offenses by using QRadar Advisor with Watson version 2.x - Virtual lab
Intermediate