I'm very pleased to announce that we have just released IBM QRadar Advisor with Watson v2.6 to the IBM Security App Exchange.
The focus of our newest release was to integrate QRadar Advisor with Watson (Advisor) with QRadar Analyst Workflow, the new UI for QRadar that became available earlier this year. Analyst Workflow is designed to streamline offense management and consolidate investigation in a modern user interface. With the addition of QRadar Advisor with Watson, Analyst Workflow can further support analysts with automated triage and threat investigation.
With both Advisor and the Analyst Workflow app installed, the analyst will be able to leverage Advisor's Offense Priority AI Model evaluation right from the list of offenses. With a quick glance, they will be able to see which offenses are high priority, which ones are low priority, and which ones still need to be investigated. The integration also provides additional filters so that the analyst can filter out the low-priority offenses and concentrate on the high-priority ones.
When looking at the offense details, Advisor surfaces useful information at a glance, including MITRE ATT&CK TTPs, threat actors, malware, assets, users, and related investigations.
As the analyst starts to examine Advisor’s detailed knowledge graph, they can click on a node or an edge (the connection between nodes) to reveal more information, enabling the analyst to examine the actual underlying events and flows of that relationship.
Additionally, the "View Events" link opens QRadar's latest event viewer, which allows the analyst to examine, filter, and search the information much more efficiently.