I installed Watson on QRadar. I found that Watson can help me investigate each offense by using mixed cloud and local information. Am I correct?
But what about response? After offenses are shown, what should I do next? I am trying to find a solution in order to save time. Can Watson help or give me guidelines?
For example:
If someone contacts a C&C server, the administrator should block that IP address/URL on the firewall or proxy first, then use an antivirus or endpoint scan on the client device.
But what if an offense is new to me and I don't know how to handle it?
Please share your ideas.
Thank you in advance.
------------------------------
MAC Strater
------------------------------