IBM Security QRadar

QRadar Use Case Manager 3.0 Release

By SHANE LUNDY posted Thu October 08, 2020 11:41 AM

Hi All

The new Use Case Manager has just been released and it's bursting with great features to help you run a successful SOC team. You can download the latest version from here.

Are you managing a set of use cases, mapping your security posture out to the MITRE framework, or maybe looking to get additional use case coverage and don't know where to start? Well, look no further: with Use Case Manager 3.0 all of these great features are at your fingertips.

Firstly, you will see some fantastic design changes as we align the Use Case Manager (UCM) with IBM's new security design language: the look and feel you are used to, with great filtering and intuitive use within the product.

Here are some other great features, just touching the surface of what this tool has to offer.

Are you trying to find that needle in the haystack? Example: show me all of my use cases that are active, are event based, add to a reference set and use the Windows log source. This type of search will take you less than 30 seconds, as opposed to spending hours searching through rules to find it. Below, we have taken a rule set of over 1000 rows down to 15 to find exactly what we are looking for.

Are you using the MITRE Tactics & Techniques (T&T) framework? The new Use Case Manager adds some great features on top of UCM 2.3.

We have now added the ability to get a visual of the different MITRE Groups and Software, so you can easily see the common MITRE T&T used by these adversary groups or malware. This helps you prioritize the rollout of different use cases based on the MITRE technique you are trying to cover.

We have now provided a great tool to help you visualise your progress in completing your MITRE T&T coverage. We know it is a journey to get the coverage you require, so this tool is designed to help you see and report on that progress.

Do you need coverage for a MITRE technique that you don't have today? Within Use Case Manager 3.0 we now provide the ability to search all of our content on the App Exchange and view the detailed use cases by MITRE technique before you install a single content pack. Simply use one of the pre-defined templates, search for the MITRE T&T you are looking for, and then look at the details before you install it.

Finally, leading on from my last point, this version of the UCM allows our users to see all of their uninstalled content on the App Exchange. Not only does it let you browse this content and see the detailed use cases and their dependencies, it also lets you view this content based on the log sources you are already ingesting, to help you get additional coverage. It also lets you see and justify bringing on new log sources (that you don't already have in your system) by showing what additional coverage they will provide, both from a use case perspective and from a MITRE T&T perspective.
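To make the log source justification concrete, here is an added example (not IBM's code and not part of UCM) that models the same calculation on constructed data: each rule needs certain log source types and maps to MITRE technique IDs, and onboarding a log source "unlocks" the rules that now have all their inputs. The rule names, log source types and technique IDs are illustrative assumptions, not real QRadar content.

```python
# Constructed sample rules: required log source types and the MITRE technique IDs they cover.
SAMPLE_RULES = [
    {"name": "Windows: Multiple Failed Logins", "log_sources": {"Windows"}, "techniques": {"T1110"}},
    {"name": "Windows: New Service Installed", "log_sources": {"Windows"}, "techniques": {"T1543"}},
    {"name": "Proxy: Beaconing to Rare Domain", "log_sources": {"Proxy"}, "techniques": {"T1071"}},
    {"name": "EDR: Credential Dump Tool", "log_sources": {"EDR"}, "techniques": {"T1003"}},
    {"name": "Windows+EDR: Remote Service Execution", "log_sources": {"Windows", "EDR"},
     "techniques": {"T1021", "T1569"}},
]


def covered_techniques(rules, ingested):
    """Techniques covered by rules whose required log sources are ALL being ingested."""
    covered = set()
    for rule in rules:
        if rule["log_sources"] <= ingested:  # subset test: every input is available
            covered |= rule["techniques"]
    return covered


def coverage_gain_per_log_source(rules, ingested):
    """For each log source not yet ingested, the techniques onboarding it would newly cover."""
    baseline = covered_techniques(rules, ingested)
    all_sources = set().union(*(r["log_sources"] for r in rules))
    gains = {}
    for source in sorted(all_sources - ingested):
        gains[source] = covered_techniques(rules, ingested | {source}) - baseline
    return gains


def rank_log_sources(rules, ingested):
    """Candidate log sources ordered by how many new techniques each would cover."""
    gains = coverage_gain_per_log_source(rules, ingested)
    return sorted(gains.items(), key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    # Constructed scenario: only Windows logs are ingested today.
    ingested_now = {"Windows"}
    print("Covered today:", sorted(covered_techniques(SAMPLE_RULES, ingested_now)))
    for source, techniques in rank_log_sources(SAMPLE_RULES, ingested_now):
        print(f"Onboard {source}: +{len(techniques)} techniques {sorted(techniques)}")
```

Note that the multi-source rule only counts once both Windows and EDR are present, which is why EDR outranks Proxy here: a single-source gain count would miss that dependency.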

Have you got one hour to spare today? Become an expert with the great content below on the Use Case Manager, and I promise you this is one tool you won't put back in the toolbox.

See some of the previous videos, as these features are all still relevant in UCM 3.0:

MITRE Attack Framework with IBM QRadar Use Case Manager 2.1, 2.2, 2.3 Overview Part 1

MITRE Attack Framework with IBM QRadar Use Case Manager 2.1, 2.2, 2.3 Overview Part 2

And some exciting new videos added by Jose Bravo specifically on UCM v3.0:

UCM V3 Tutorial Intro and Navigation
UCM V3 Tutorial Recommended Apps and Log Sources
UCM V3 Tutorial Improving my QRadar without spending a penny
UCM V3 Tutorial Making the case for additional log sources
UCM V3 Tutorial Log sources per Rule
UCM V3 Tutorial Using filters
UCM V3 Tutorial MITRE Part One
UCM V3 Tutorial MITRE Part Two