IBM QRadar

Hi guys

I wanted to talk with you about a platform where you can look at the Mitre mapping of the QRadar content with another view. The platform I am talking about is Tidal (Tidal website).

What Tidal allows you to do is to pivot in the att&ck matrix in many ways, highlighting where you might want to increase your detection coverage for specific threats.

As an example, you can select the specific threats you want to monitor and they will be highlighted with a colour coding that makes it easy to understand the techniques you should focus on in priority to be efficient. 

In the example below, you can instantly see that "Data Encrypted for Impact" is a technique common to 4 out of the 6 threats I selected. In this case, this technique and the techniques leading to it should probably be higher in the list of priorities for detection / prevention implementation.

Personally, I find that really cool, the tool is easy to use and the colours make it super clear. For sure we will be using this functionality to understand where our coverage should be expanded.
If you want to know more about our position with Mitre and our detection strategy in general, I invite you to watch the Tidal interview of our Threat Management CTO, Jason Keirstead, here on youtube.

I wanted to share this tool with you, hoping it will help you find the content extensions you want to install. See below how I dug into the "Remote Desktop Protocol" technique to find that QRadar covers that technique in 4 different content extensions (including my go-to, the Endpoint Content Extension ;) )

I hope you'll find this helpful and that it will make your coverage easier to understand. 

#Highlights-home
#Highlights