
Highlights of QRadar Content (Blog Posts references)

By Gladys Koskas posted Wed May 25, 2022 05:44 AM

  
Hi guys


This post is meant to be a central place where you can find all the blog posts related to QRadar Content.
If there is one page to bookmark, this is the one!

I added a table with all the quick links to the blog posts, then a summary of their content.

Deep dive
- Everything you need to know about QRadar Rules (for beginners and experts)
- Content management using the API
- Get SIGMA content optimized for QRadar!

Content pack related
- Reaqta and Randori content
- IBM Security's Cost of a Data Breach report and QRadar content

Endpoint Monitoring
- Diving into Windows UAC Bypasses by Nigel Sood
- QRadar and SIGMA: Map your own Custom Properties and Log Sources Types
- QRadar natively supports SIGMA for rules creation
- QRadar YARA Rule Manager App awesome updates

X-Force

Threat Hunting
- Detect MOVEit Transfer Zero-Day with QRadar Log Insights
- Get a new perspective on your Mitre Mapping
- Microsoft Exchange RCE vulnerabilities - Sept 2022

Deep dive

Everything you need to know about QRadar Rules (for beginners and experts)

This blog is advanced documentation that covers everything from "what are the different types of rules" to "how does the correlation engine process the rules".
 

Content management using the API

This blog shows how to export and import content using the API

Get SIGMA content optimized for QRadar!

This blog explains how the IBM team updated the script that converts SIGMA rules to AQL so that it generates better-performing content.

Content pack related

QRadar natively supports SIGMA for rules creation

This blog highlights how the YARA and SIGMA rule manager app can import dozens of SIGMA rules into QRadar in a few seconds.

 

ReaQta and Randori Content

This blog highlights the parsing work done for ReaQta and Randori, as well as how to implement EDR (endpoint detection and response) and ASM (attack surface management) content.


IBM Security's Cost of a Data Breach report and QRadar content

This blog post extracts a few highlights from the Cost of a Data Breach 2022 report and shows how to quickly implement detections and responses for the biggest attack vectors and threats.


This blog is a review of H1 2021. It shows:
- The new content for Hybrid-Cloud environments
- CEP Rebaselining
- The new Custom Properties that have been released
- And other essentials

Diving into Windows UAC Bypasses

This blog explains how the Endpoint content extension can help detect dozens of exploitation techniques targeting Windows User Account Control (UAC).

QRadar and SIGMA: Map your own Custom Properties and Log Sources Types

This blog explains how you can create your own mapping of custom event properties (CEP) and log source types between QRadar and SIGMA.
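The two SIGMA-related posts above (the SIGMA-to-AQL converter and the custom property / log source type mapping) both come down to the same mechanics, so here is one added example that shows them together. This is illustration code written for this page, not IBM's converter and not code from any of the linked posts. The SIGMA rule is constructed, embedded in the form a YAML loader would produce, and the property names ("Process Name", "Process CommandLine", username) and the log source type name in the two mapping tables are hypothetical placeholders for whatever exists in your deployment. Only equality and the contains/startswith/endswith modifiers, plus and/or/not in the condition, are handled; anything else raises rather than producing a silently wrong query.

```python
"""
Minimal SIGMA -> AQL translation driven by a user-supplied mapping of SIGMA
fields to QRadar properties and of SIGMA logsources to QRadar log source types.
Added example; not IBM's converter. The SIGMA rule is embedded as the dict a
YAML loader would produce, so the script runs stand-alone with no dependencies.
"""
import re
from typing import Any, Dict, Tuple

# Constructed SIGMA rule in parsed form (not taken from the SIGMA repository).
SIGMA_RULE: Dict[str, Any] = {
    "title": "Certutil download (constructed example rule)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "certutil.exe",
            "CommandLine|contains": ["urlcache", "-split"],
        },
        "filter": {"User|startswith": "NT AUTHORITY"},
        "condition": "selection and not filter",
    },
}

# Hypothetical mappings: replace with the property and log source type names in
# your deployment. Custom event property names need double quotes in AQL.
FIELD_MAP: Dict[str, str] = {
    "Image": '"Process Name"',
    "CommandLine": '"Process CommandLine"',
    "User": "username",
}
LOGSOURCE_MAP: Dict[Tuple[str, str], str] = {
    ("windows", "process_creation"): "Microsoft Windows Security Event Log",
}
KEYWORDS = {"and", "or", "not"}


def aql_literal(value: Any) -> str:
    """Quote a value as an AQL string literal, doubling embedded single quotes."""
    return "'" + str(value).replace("'", "''") + "'"


def like_text(value: Any) -> str:
    """Refuse LIKE metacharacters instead of silently widening the match."""
    text = str(value)
    if "%" in text or "_" in text:
        raise ValueError(f"{text!r} contains LIKE wildcard characters; escape it first")
    return text


def field_clause(spec: str, value: Any, field_map: Dict[str, str]) -> str:
    """Translate one 'Field|modifier: value' pair into an AQL comparison."""
    field, _, modifier = spec.partition("|")
    prop = field_map.get(field)
    if prop is None:
        raise KeyError(f"SIGMA field {field!r} has no QRadar property mapping")
    if modifier == "":
        return f"{prop} = {aql_literal(value)}"
    patterns = {"contains": "%{}%", "startswith": "{}%", "endswith": "%{}"}
    if modifier not in patterns:
        raise ValueError(f"unsupported SIGMA modifier {modifier!r}")
    return f"{prop} ILIKE {aql_literal(patterns[modifier].format(like_text(value)))}"


def selection_clause(selection: Dict[str, Any], field_map: Dict[str, str]) -> str:
    """Fields in a selection are ANDed; a list of values for one field is ORed."""
    parts = []
    for spec, value in selection.items():
        values = value if isinstance(value, list) else [value]
        alternatives = [field_clause(spec, v, field_map) for v in values]
        parts.append("(" + " OR ".join(alternatives) + ")" if len(alternatives) > 1 else alternatives[0])
    return " AND ".join(parts)


def condition_clause(detection: Dict[str, Any], field_map: Dict[str, str]) -> str:
    """Expand the SIGMA condition by substituting each selection name with its clause.
    Only and/or/not and parentheses are supported (no '1 of them' style aggregations)."""
    def substitute(match: "re.Match[str]") -> str:
        token = match.group(0)
        if token.lower() in KEYWORDS:
            return token.upper()
        if token == "condition" or token not in detection:
            raise KeyError(f"condition references unknown selection {token!r}")
        return "(" + selection_clause(detection[token], field_map) + ")"
    return re.sub(r"[A-Za-z_][A-Za-z0-9_]*", substitute, detection["condition"])


def build_where(rule: Dict[str, Any], field_map=FIELD_MAP, logsource_map=LOGSOURCE_MAP) -> str:
    """WHERE clause: log source type filter first, then the detection logic."""
    source = rule["logsource"]
    key = (source.get("product"), source.get("category"))
    ls_type = logsource_map.get(key)
    if ls_type is None:
        raise KeyError(f"no QRadar log source type mapped for SIGMA logsource {key}")
    return (f"LOGSOURCETYPENAME(devicetype) = {aql_literal(ls_type)} AND "
            + condition_clause(rule["detection"], field_map))


def sigma_to_aql(rule: Dict[str, Any], window: str = "LAST 24 HOURS",
                 field_map=FIELD_MAP, logsource_map=LOGSOURCE_MAP) -> str:
    """Full AQL statement: select the mapped properties plus event and log source names."""
    columns = ", ".join(['QIDNAME(qid) AS "Event Name"',
                         'LOGSOURCENAME(logsourceid) AS "Log Source"'] + list(field_map.values()))
    return f"SELECT {columns} FROM events WHERE {build_where(rule, field_map, logsource_map)} {window}"


if __name__ == "__main__":
    print(sigma_to_aql(SIGMA_RULE))
```

The log source type filter is emitted first on purpose: it narrows the event set before the string comparisons run, which is the kind of ordering the "optimized" converter post is about. Extending the mapping tables is the whole job of adapting a SIGMA rule to your own custom properties; the translation logic does not change.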

QRadar YARA Rule Manager App awesome updates

This blog shows the updates made in version 1.2.0 of the app: improved search capabilities and a namespaces update.


X-Force


This blog explains how X-Force and QRadar integrate with each other as well as the different service options available

Threat Hunting

Detect MOVEit Transfer Zero-Day with QRadar Log Insights

Learn how to investigate the MOVEit Transfer zero-day with QRadar Log Insights.

Get a new perspective on your Mitre Mapping

Learn about our integration with Tidal and get a new perspective on the MITRE ATT&CK mapping of your QRadar content to prioritize use cases.

Microsoft Exchange RCE vulnerabilities - Sept 2022




#QRadar
#Spotlight
