QRadar Advisor with Watson


QRadar Advisor with Watson Roadmap

The total time required to complete this roadmap is 8h 15m.

This roadmap outlines fundamental courses intended for someone who works with IBM QRadar Advisor with Watson. These courses introduce you to cognitive analytics and the QRadar Advisor architecture and deployment models and help you to deploy QRadar Advisor into your overall QRadar environment.


Overview

Review the following courses to learn about QRadar Advisor concepts and architecture and how to use the cognitive analytics capabilities for your threat investigations.


QRadar preparation

Before you install and configure QRadar Advisor with Watson, you must tune your QRadar deployment to make the best use of the QRadar Advisor analytic capabilities.


Setup and installation

During the installation process, you must address specific critical configuration parameters to make your QRadar Advisor as efficient as possible.


Configure QRadar Advisor with Watson

Once QRadar Advisor is installed, you can leverage certain features to improve your experience with the application.


Investigations

In this learning path, we present examples of how you can best leverage QRadar Advisor's potential during your investigations.


Onboarding guide for IBM Security QRadar Advisor with Watson

IBM Security QRadar Advisor with Watson (QRAW) can help drive significant improvements in your SOC operations. Installing, configuring, and tuning QRadar Advisor with Watson is simple. However, you need to ensure that you have both QRadar and QRadar Advisor with Watson set up and configured properly to deliver the objectives and outcomes you and your analysts desire.

Before you install QRadar Advisor with Watson, follow the guidance in this document to ensure that your QRadar is ready with the correct logs and instrumentation. QRadar Advisor with Watson can tap into accurate and comprehensive data to investigate any offense, asset, user, or user activity. QRadar Advisor with Watson can substantially improve analysts’ productivity, increase their effectiveness, and reduce the time and effort it takes to collect data and investigate offenses and users.

This document outlines a two-phased approach. Each phase has a checklist to ensure the proper deployment of QRadar Advisor with Watson in your environment. 

  • Phase 1: Preinstall and prepare QRadar (before you install QRadar Advisor with Watson)
  • Phase 2: Install and configure QRadar Advisor


SOC Integration guide for IBM Security QRadar Advisor with Watson

IBM Security QRadar Advisor with Watson (QRAW) can help drive significant improvements in your SOC operations. QRadar Advisor with Watson can tap into accurate and comprehensive data to investigate any offense, asset, user, or user activity. QRadar Advisor with Watson can substantially improve analysts’ productivity, increase their effectiveness, and reduce the time and effort it takes to collect data and investigate offenses and users. However, integrating the information and insights from QRAW into well-established SOC processes might not be straightforward.

The intent of this document is to give guidance on how QRAW can help analysts. It provides specific examples of how to integrate the data, information, and insights into current SOC operations. It assumes that your QRadar environment is tuned and that QRAW is configured properly.

The following topics are covered in this document:

  • Where does QRAW fit in the Threat Management process
  • Tier 1 analyst: Defines the typical role of a Tier 1 analyst and highlights specific ways that QRAW can assist them
  • Tier 2 analyst: Defines the typical role of a Tier 2 analyst and highlights specific ways that QRAW can assist them
  • Tier 3 analyst: Defines the typical role of a Tier 3 analyst and highlights specific ways that QRAW can assist them
  • Other features in QRAW you can use to improve SOC operations