We are excited to release QRadar Cloud Visibility v1.4.0, available now on the IBM App Exchange.
Here are few of the release highlights:
- New All Cloud Offenses Overview dashboard: Easily view all active offenses spanning across your cloud deployments.
- New Cloud integrations guide: View all installed and supported cloud integrations, as well as configure log sources from one place.
- New charts for offenses by MITRE tactic and rule
- Updates to the AWS Account setup: Select multiple regions as well as add multiple ARNs to the Assume Role policy.
What is QRadar Cloud Visibility?
QRadar Cloud Visibility is an app that allows you to easily visualize, filter, and prioritize offenses coming from your multi-cloud deployments. The app comes with pre-built dashboards, filters, and utilities for extended cloud integrations to help you detect cloud security risks (such as cloud misconfiguration in AWS S3 buckets or Azure Blob storage) and identify threats.
What’s new in v1.4.0?
All Cloud Offenses Overview dashboard
A lot of the complexity of securing multiple clouds often boils down to lacking proper visibility, which is one of the reasons we created the Cloud Visibility app. In continuing this goal, this release gives a new All Cloud Offenses Overview dashboard.
This new dashboard gives a central place where you can view all cloud-related offenses across your deployments. The dashboard comes with filters and charts that can be easily organized as needed. Out-of-the-box, the All Cloud Offenses Overview dashboard displays open offenses data in the following charts:
- Top offense categories
- Top log source types
- Total offenses by MITRE tactic and rule (available only if IBM QRadar Use Case Manager is installed
- Most severe offenses
- Most recent offenses
Similar to our other dashboards, this dashboard comes with a Trends tab so that you can view any trends of new offenses over a specific time period. With this tab, you can also save a snapshot of your chart data to further share and analyze any trends.
Cloud integrations guide
We are often asked “Do you integrate with X provider, and how?” Throughout these discussions, it became clear we needed a single view of all available cloud integrations we have within Cloud Visibility, along with an easy way to configure and launch these integrations.
To meet this need, we’ve added the Cloud integrations guide page to help you understand what cloud integrations are supported with QRadar, which integrations you currently have installed, and how to deploy and use them. The page covers the integrations for AWS, Azure, and IBM Cloud, and allows you to configure log sources and install cloud content extensions from one central place.
New chart: “Total offenses by MITRE tactic and rule”
The MITRE ATT&CK framework is a matrix of tactics, used to categorize adversary behaviors based on real observations. It is widely adopted by many security teams, due to its comprehensive understanding of user behaviors, threat hunting techniques, and overall offensive and defensive measures. QRadar provides several different ways to map rules out to the MITRE ATT&CK framework, including the QRadar Use Case Manager app.
With Cloud Visibility v1.4.0, we integrate with QRadar Use Case Manager to display a new chart on all of our dashboards. With this chart, you can see the number of offenses per MITRE tactic and per rule. You can also drill down into each section to gain more details, such as the list of offenses that relate to each chart.
Updates to AWS Account setup
Lastly, we made a few updates to how you can setup your AWS accounts with Cloud Visibility, such as:
- Support for selecting multiple regions in the AWS configuration step: With this update, you can now select for multiple regions across the globe to view your resources. For more information, see the documentation
- Support for adding multiple ARNs for the Assume role policy in the AWS configuration step: You can now add up to 10 managed policies to an IAM user, role, or group. Prior to this release, only one policy per AWS account was supported, limiting the number of accounts you could view.
Download the free QRadar app today, available on the IBM App Exchange:
IBM App Exchange: QRadar Cloud Visibility