IBM QRadar

  • 1.  How to document and prioritize SIEM use cases?

    Posted Wed March 18, 2020 02:30 PM

    Good morning, people.

    I am in the process of optimizing the entire SIEM environment.

    I did some research and didn't find anything so viable about the use cases.

    Do you have any method of creation, prioritization and use cases?

    How to define which use case is more or less critical?

    How to document your use cases?

    Did you use any framework or process for this action?

    Thank you.



    ------------------------------
    Luiz Felipe
    ------------------------------


  • 2.  RE: How to document and prioritize SIEM use cases?

    Posted Thu March 19, 2020 01:43 AM
    @Luiz Felipe, there is an entire book on SIEM use cases and relevant topics. Please do read it, as you can get each and every thing you asked about.

    Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases: A Condensed Field Guide for the Security Operations Team by Don Murdoch



    ------------------------------
    Abdul Qudoos
    ------------------------------



  • 3.  RE: How to document and prioritize SIEM use cases?

    Posted Thu March 19, 2020 04:30 AM
    Hi Felipe,

    Use Case Manager and the MITRE ATT&CK framework are the way to go.
    Please start from here and follow the install instructions.

    Regards
    Karl Jaeger
