IBM Security QRadar

Announcing Updates to QRadar Analyst Workflow - UBA, Watson, Pulse and Use Case Manager

By Jeremy Goldstein posted Tue November 17, 2020 04:30 PM


What's new with QRadar Analyst Workflow?

In June, we introduced the new look for QRadar that was rebuilt from the ground up to accelerate the mission-critical work of security analysts. Since its launch, hundreds of QRadar users have downloaded and adopted Analyst Workflow, streamlining offense management and consolidating their investigation experience.

Our development teams have been hard at work and delivered numerous quality-of-life enhancements to the core UI, including one-click drill-downs, additional threat intelligence enrichment, and improvements to quick searches. The latest version of Analyst Workflow is available as a free app on the IBM Security App Exchange.

But as we know, QRadar is not a point solution: organizations deploy numerous value-add apps and integrations to extend their visibility and detection coverage. With that in mind, we knew we needed to modernize not just the core platform, but also the ecosystem of apps our users utilize most.

Your favorite QRadar apps, reimagined

We are excited to bring the most popular apps for QRadar - User Behavior Analytics (UBA), QRadar Advisor with Watson, Pulse, and Use Case Manager - into the modern QRadar Analyst Workflow. These apps have been tightly woven into Analyst Workflow, providing additional analytics, visualizations, context and enrichment for the security analyst.

QRadar Advisor with Watson

With the addition of QRadar Advisor with Watson, Analyst Workflow can further support analysts with automated triage and threat investigation. With QRadar Advisor with Watson and Analyst Workflow, security analysts can use the offense priority AI model to quickly triage offenses.

QRadar Advisor with Watson priority

Advisor automatically investigates to surface useful information to analysts at-a-glance, including MITRE ATT&CK TTPs, threat actors, malware, assets, users, and related investigations.

Read the blog to learn more about the newest release of QRadar Advisor with Watson

QRadar Advisor with Watson MITRE ATT&CK overview

Pulse Dashboards

Take the pulse of your SOC with dynamic real-time dashboards that provide meaningful insights into your security posture and threat landscape. Visualize offenses, network data, threats, malicious user behavior, and cloud environments from around the world in geographical maps, a built-in 3D threat globe, and auto-updating charts. See offenses unfold near real-time and track your security threats from around the globe.

With the new release of Pulse, users can create and share dashboards or widgets - from data within QRadar (via AQL) or data outside of QRadar (via API).

Read the blog to learn more about the newest release of Pulse

Use Case Manager

From within Analyst Workflow, use the guided tips in Use Case Manager to help you ensure QRadar is optimally configured to accurately detect threats throughout the attack chain.

QRadar Use Case Manager includes a use case explorer that offers flexible reports related to your rules. The app also exposes pre-defined MITRE mappings to system rules and helps you map your own custom rules to MITRE ATT&CK tactics and techniques.

Read the blog to learn more about the newest release of Use Case Manager


User Behavior Analytics

User Behavior Analytics is one of the most utilized apps in the IBM Security App Exchange. As a free addition to QRadar, it provides insider threat detection through advanced behavioral models and machine learning. In UBA 3.9 (coming in Q4 2020), the user experience has been upgraded with a new look and feel.

Additionally, as part of Analyst Workflow, UBA insights can now be accessed from within an Offense by clicking on an individual user. In this slideout, you can see additional enriched information, such as the user's overall risk score, behavioral anomalies detected, and whether they are part of any user watchlists.

See the debut of the new apps

Join the unveiling of the new QRadar live tomorrow November 17th at 11 AM EDT and get a tour of what's. Learn more about the roadmap for QRadar Analyst Workflow and how to try it.