QRadar Network Threat Analytics (NTA) v1.2

By Tom Obremski posted Fri April 07, 2023 10:29 AM

Security analytics allow us to detect threat activity that could otherwise be missed.  But these analytics benefit us the most when their results can be visualized with a rich set of supporting data in an intuitive way.

This is why IBM Security QRadar Network Threat Analytics (NTA) v1.2, which is now available on the X-Force App Exchange, adds new geographic-based visualizations in addition to further enhancements to its network-based behavioral analytics.  As shown below, the NTA v1.2 dashboard now includes a color-coded view of the world for current and historical views of network communications across regions.

NTA v1.2 also includes the ability to drill down for a more detailed geographic view with Finding overlays.  Zoom and scroll across the regions of interest, adjust time-frames, narrow activity through the wide range of filters available, and select any line for a breakdown on what communications are taking place between those locations.

And if you prefer to analyze your network data in table form, easily pivot to a table view of this same data.

As before, we automatically identify Findings by continually monitoring network communications.  These Findings represent related network activity over time between a pair of devices where new or unusual behavior has been detected.

And when the Finding behavior aligns with MITRE ATT&CK techniques, those techniques are automatically identified as part of the Finding.

Select any Finding to see a summary of activity for that Finding along with details on what the analytics have identified.

Drill down further into specific network communications for details on what was expected vs. observed.

You can also generate QRadar events for Findings that exceed a configurable threshold.  These events are created when NTA identifies new activity that scores above this threshold, and additional events are then generated to provide updates for that Finding over time.  And just like your other QRadar events, these NTA events can be used in rules and can generate Offenses either by themselves or through correlation with other events and data sources.
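The mechanics described above (a per-device-pair baseline, "expected vs. observed" deviations accumulated into a Finding, and threshold-gated events with an initial event followed by updates) can be illustrated with a small model. The following is an added example written for this post; it is not NTA's code, and the scoring weights, the 3x volume rule, the event names `finding_new`/`finding_update`, and the sample flow records are all constructed assumptions used only to show the flow of logic.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Pair = Tuple[str, str]  # (source device, destination device)


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    nbytes: int


@dataclass
class PairBaseline:
    ports: Set[int] = field(default_factory=set)
    max_bytes: int = 0


@dataclass
class Finding:
    pair: Pair
    score: int = 0
    observations: List[str] = field(default_factory=list)  # expected-vs-observed notes
    emitted: bool = False  # has the initial event for this Finding been sent?


# Constructed sample traffic, not captured data. The first list trains the
# baseline; the second is the window being analysed.
BASELINE_FLOWS = [
    Flow("ws1", "srv1", 445, 2000), Flow("ws1", "srv1", 445, 1800),
    Flow("ws1", "srv1", 139, 1000), Flow("ws2", "dns1", 53, 300),
    Flow("ws2", "dns1", 53, 280),
]
NEW_FLOWS = [
    Flow("ws1", "srv1", 445, 2500),   # within baseline
    Flow("ws2", "dns1", 53, 200),     # within baseline
    Flow("ws1", "srv1", 3389, 1500),  # new port; alone, stays below threshold
    Flow("ws1", "srv1", 445, 9000),   # volume spike; Finding crosses threshold
    Flow("ws1", "srv1", 22, 500),     # another new port; produces an update event
    Flow("ws3", "srv1", 445, 100),    # device pair never seen before
    Flow("ws2", "dns1", 53, 250),     # within baseline
]


def learn_baseline(flows: List[Flow]) -> Dict[Pair, PairBaseline]:
    """Record, per device pair, the ports used and the largest single flow seen."""
    baselines: Dict[Pair, PairBaseline] = {}
    for f in flows:
        b = baselines.setdefault((f.src, f.dst), PairBaseline())
        b.ports.add(f.dport)
        b.max_bytes = max(b.max_bytes, f.nbytes)
    return baselines


def score_flow(f: Flow, baselines: Dict[Pair, PairBaseline]) -> Tuple[int, List[str]]:
    """Score one flow's deviation from its pair's baseline (weights are illustrative)
    and return analyst-readable 'expected vs. observed' notes."""
    b = baselines.get((f.src, f.dst))
    if b is None:
        return 60, [f"expected no communication; observed port {f.dport}, {f.nbytes} bytes"]
    score, notes = 0, []
    if f.dport not in b.ports:
        score += 40
        notes.append(f"expected ports {sorted(b.ports)}; observed new port {f.dport}")
    if f.nbytes > 3 * b.max_bytes:
        score += 30
        notes.append(f"expected <= {b.max_bytes} bytes per flow; observed {f.nbytes}")
    return score, notes


def analyze(flows: List[Flow], baselines: Dict[Pair, PairBaseline], threshold: int):
    """Accumulate deviations into per-pair Findings (capped at 100) and emit
    threshold-gated events: 'finding_new' the first time a Finding scores above
    the threshold, then 'finding_update' for each later flow that adds to it."""
    findings: Dict[Pair, Finding] = {}
    events: List[Tuple[str, Pair, int]] = []
    for f in flows:
        score, notes = score_flow(f, baselines)
        if score == 0:
            continue  # matches baseline; nothing to record
        fd = findings.setdefault((f.src, f.dst), Finding((f.src, f.dst)))
        fd.score = min(100, fd.score + score)
        fd.observations.extend(notes)
        if fd.score > threshold:
            kind = "finding_update" if fd.emitted else "finding_new"
            fd.emitted = True
            events.append((kind, fd.pair, fd.score))
    return findings, events


if __name__ == "__main__":
    base = learn_baseline(BASELINE_FLOWS)
    findings, events = analyze(NEW_FLOWS, base, threshold=50)
    for kind, pair, score in events:
        print(f"{kind:15} {pair[0]} -> {pair[1]} score={score}")
    for fd in findings.values():
        for note in fd.observations:
            print(f"  {fd.pair[0]} -> {fd.pair[1]}: {note}")
```

With the constructed data and a threshold of 50, the single new port on ws1 -> srv1 stays below the threshold and generates nothing; the later volume spike pushes that Finding over the threshold (initial event), the next new port becomes an update event, and the never-seen pair ws3 -> srv1 produces its own initial event. Routine flows that match the baseline never become Findings at all, which is what keeps the downstream event and Offense volume manageable.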

IBM Security QRadar Network Threat Analytics is available to all QRadar customers to enhance your network-based detection, investigation, and threat hunting capabilities as part of the QRadar Network Detection and Response (NDR) portfolio.