IBM QRadar

Level Up Analyst Skills using QRadar Investigation Assistant based on watsonx.ai and ML

By Ralph Belfiore posted yesterday

Hey community,

Last week I had my first experience with watsonx.ai and the QRadar Investigation Assistant App for QRadar SIEM. I decided to start with a hands-on session to level up my skills as an analyst investigating QRadar Offenses, supported by AI and ML (machine learning).

General

Installing the app and configuration is straightforward as described here:

installing-qradar-investigation-assistant-app

Hands-on | Expectations

Only by getting hands-on can I form my own opinion as to whether and how this extension, incorporating AI, can really help me as an analyst. This is the only way I can find out what results are currently being delivered and whether it really helps me, as an analyst, make better decisions for resolving the reported IOCs.

Above all, with a view to saving time and improving myself as an analyst in terms of content.

First Insights

The new QRadar Investigation Assistant App noticeably elevates Threat Hunting and Incident Response. The assistant does not replace or avoid manually searching through logs, but it enriches the Offense Summary with recommendations and hints for further investigation.

For me, this is as of today the first value add: as an analyst, I get a better reflection of what is happening. Another aspect of learning is to learn how to ask, and how to deal with the prompt results, to get a better output by asking differently.

First Impression from the Field

Anyone who tries the Investigation Assistant quickly notices: this is not a marketing gimmick, but a real SOC opportunity. Most impressive is how fast even less experienced analysts can handle complex investigations. watsonx.ai transforms raw data into meaningful context enrichment, helping analysts get better at making confident decisions.

Conclusion

The app doesn’t just make QRadar faster — it makes it smarter. AI-driven context, helpful recommendations, and automated IOC enrichment deliver tangible relief for SOC teams. A true enrichment that helps you make progress in your CyberSecurity Strategy and helps you respond and repair earlier.

Regards,

Ralph

#watsonx.ai #IBMQRadar #IBMSecurity