IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  Custom Use cases

    Posted Wed January 25, 2023 09:19 AM
    Edited by ahad Mon December 25, 2023 12:05 AM

    Is there a consolidated place where the community is collaboratively creating use cases and posting them? I have always thought it would make so much sense for it to be a thing, but I don't know if it is already being done somewhere.

    ------------------------------
    ahad
    ------------------------------



  • 2.  RE: Custom Use cases

    Posted Thu January 23, 2025 04:37 PM

    I agree. This is a common thing in Splunk and seems like it should be encouraged for QRadar as well.



    ------------------------------
    Christopher Williams
    ------------------------------



  • 3.  RE: Custom Use cases

    Posted Sat March 08, 2025 02:33 PM

    Hi,

    As said by Christopher, it should be delivered by community people. What I found is that Splunkers are more active than QRadar people.

    However, now you can convert any Sigma/Yara rule to a QRadar rule; I hope you find some useful Sigma use cases. There is an app to do this, "YARA and Sigma Manager" something; try it out.



    ------------------------------
    Abdul Quadeer
    ------------------------------



  • 4.  RE: Custom Use cases

    Posted Tue March 11, 2025 02:34 AM

    Hey Abdul, 

    Correct, you can utilise the Yara and Sigma Rule Manager App to try out new use cases and create detection rules. It has an example embedded in the app itself, so you can install and get started right away. We can think along the lines of sharing GitHub repositories from the community over at the app if we get good responses, so please do keep the engagement going strong! Thanks.



    ------------------------------
    Shivam Sharma
    Product Manager
    IBM
    ------------------------------