With the widespread shortage of security staff and skills, SOC analysts are overwhelmed and overworked, which can result in inconsistent alert triage and, in some cases, alerts being ignored because they look benign or because no one is available to process them. In addition, key individuals often leave organizations, taking with them specific knowledge of the environment, which puts the ability to respond on a 24x7 basis at risk. This is where QRadar Advisor with Watson (QRAW) helps: it automates routine SOC tasks, finds commonalities across investigations and provides actionable feedback to analysts. Analysts are freed up to focus on the more important elements of investigations.
New Offense Queue AI Model Automates and Prioritizes Alerts
The new Offense Priority AI Model adds to QRAW's existing arsenal of essential tools, which includes automatic data mining to gather local context, mapping to MITRE ATT&CK tactics and techniques, cross-investigation analytics and more.
QRadar Advisor version 2.4.1 introduces the new Offense Priority AI Model that prioritizes offenses in the queue so that SOC analysts can review and address the higher priority offenses before looking at the lower priority offenses.
- The AI model is a new feature that adds to the current cognitive processes in QRadar Advisor with Watson, such as correlating relevant threats with local observables and presenting them to the analyst.
- The AI model learns from the offenses it has already prioritized: based on whether you agree or disagree with the model's output, it learns the priorities of your SOC.
- The Offense Priority AI Model evaluates each offense and assigns it a high or low priority tag.
In summary, the features and benefits of the new QRadar Advisor AI model include:
- An automated, consistent and accurate first step in the offense triage process
- The ability to sort the investigation queue by priority
- The ability to focus on true high-priority offenses instead of spending time determining whether something needs to be escalated
- Uncovering previously missed false negatives
- Reducing the risk of missing a serious incident
- Reducing alert fatigue
- Reducing dwell and triage times
Below are some screenshots for the new AI model.
(Authored by J.O. Leger and Lolita Chandra).