IBM QRadar


QRadar Use Case Manager

By SHANE LUNDY posted Tue October 29, 2019 12:31 PM

  
Hi Everyone

I'm very pleased to announce that we have just released the IBM QRadar Use Case Manager to the App Exchange. You can download it from here. This new app is free to download for QRadar users and is bursting with features to help you tune and manage your use cases in QRadar. Let's take a quick look at some of the key features.

1. Do you want to assess your security posture against one of the most adopted frameworks out there, MITRE ATT&CK? This framework has been widely adopted by security experts and industries around the world. With the QRadar Use Case Manager we have you covered.

With hundreds of out-of-the-box use cases downloadable from the App Exchange and pre-mapped to MITRE tactics and techniques, you can start implementing your framework coverage and addressing your security posture. This has all been made very easy within the QRadar Use Case Manager. Simply point and click.

Overall Coverage 
Update existing or new use cases in QRadar.

2. Need help managing your use cases in QRadar? Whether you are interacting daily with your use cases in QRadar, downloading new use cases from the IBM Security App Exchange, or have been given the task of managing an existing set designed by somebody else, QRadar Use Case Manager is there to help. Easy-to-use filtering lets users navigate down to the exact point of a rule in QRadar to see what needs to be changed or updated.

We have also packaged a set of predefined templates to help you analyse what's important in your environment. Some examples are below.

Do you interact with white and blacklists and need to know which need updating? 

Are you bringing on new log sources? Easily determine which use cases you need to update.

3. Managing and updating your use cases is very important, but keeping them tuned is key! Your analysts need to be actioning the correct insights and not looking at false positives. The Tuning section inside Use Case Manager helps with environment setup, shows the rules generating the most offenses, and provides insights into the key areas of your rules that may need your attention and tweaking.

See this great video from Jose Bravo giving you a nice walkthrough of everything mentioned above in the Use Case Manager.

Thanks for reading & stay tuned for quarterly updates as we bring exciting features in this app to the community of QRadar users.

Comments

Sun November 03, 2019 04:54 PM

This is a fantastic set of capabilities Shane, well done to you and the team!

Wed October 30, 2019 05:52 AM

Wow and great team efforts to make the MITRE attack visibility and Use case management initiative.