QRadar Advisor with Watson
Getting Started with QRadar Advisor with Watson
This roadmap outlines fundamental courses intended for someone who works with IBM QRadar Advisor with Watson. These courses introduce you to cognitive analytics and the QRadar Advisor architecture and deployment models and help you to deploy QRadar Advisor into your overall QRadar environment.
Review the following courses to learn about QRadar Advisor concepts and architecture and how to use the cognitive analytics capabilities for your threat investigations.
Study the following courses to become familiar with the QRadar Advisor installation and how to configure and optimize the application for your deployment.
In the following courses, you learn about various use cases and how QRadar Advisor can empower Security Analysts by reducing the time for investigations, and how it enriches the findings by using information discovered by Watson.
In this lab, you learn how to configure and use the QRadar Advisor with Watson app in a QRadar offense investigation.
You learn to use regular expressions to extract QRadar custom properties and configure reference sets, rules, network hierarchy, and assets. The lab also walks you through the investigation process and you learn how to interpret QRadar Advisor knowledge
The lab provides an overview of the Cyber Adversary Framework Mapping Application. This app is used to map your custom rules to MITRE ATT&CK tactics and override the IBM default rule mappings.
- Learn about QRadar configuration changes and updates necessary for a successful QRadar Advisor with Watson investigation
  - Extract custom properties from various log sources
  - Update relevant reference sets
  - Create QRadar rules
  - Enable X-Force threat intelligence feed
  - Update network hierarchy and critical assets
  - Configure QRadar SIEM and QRadar Advisor to show files that were executed or that were blocked on the systems that are monitored by QRadar SIEM
  - Update the QRadar Advisor configuration to use proper custom mappings
- Learn how to run investigations and interpret the QRadar Advisor knowledge graph
- Configure and use the Cyber Adversary Framework Mapping Application