IBM Security QRadar

QRadar Advisor with Watson 2.6 brings AI-powered investigations to Analyst Workflow UI

By J.O. Leger posted Fri October 16, 2020 01:22 PM


I'm very pleased to announce that we have just released IBM QRadar Advisor with Watson v2.6 to the IBM Security App Exchange.

The focus of our newest release was to integrate QRadar Advisor with Watson (Advisor) with QRadar Analyst Workflow, the new UI for QRadar that became available earlier this year. Analyst Workflow is designed to streamline offense management and consolidate investigation in a modern user interface. With the addition of QRadar Advisor with Watson, Analyst Workflow can further support analysts with automated triage and threat investigation. 

With both Advisor and the Analyst Workflow app installed, the analyst will be able to leverage Advisor’s Offense Priority AI Model evaluation right from the list of offenses. With a quick glance, they will be able to see which offenses are a high priority, which ones are low priority, and which ones still need to be investigated. The integration also provides additional filters so that you can filter out the low priority offenses to concentrate on the high priority ones.

QRadar Advisor with Watson priority

When looking at the offense details, Advisor surfaces useful information at a glance, including MITRE ATT&CK TTPs, threat actors, malware, assets, users, and related investigations.

QRadar Advisor with Watson MITRE ATT&CK overview

As the analyst starts to examine Advisor’s detailed knowledge graph, they can click on a node or an edge (the connection between nodes) to reveal more information, enabling the analyst to examine the actual underlying events and flows of that relationship. 

QRadar Advisor with Watson knowledge graph

Additionally, the “View Events” link will bring you to QRadar’s latest event viewer, which allows the analyst to examine, filter, and search the information in a much more efficient manner.

QRadar Analyst Workflow events viewer