Agenda
• Brief White Board Introduction
• Rules Capabilities in the Endpoint Content Extension
• Bringing standard Windows and Sysmon Logs to QRadar with WinCollect
• Customer Experiences
• Questions and Answers from our Panelists
Summary
None would argue that Windows systems can use all the protection we can give them. Not only are they under constant attack, but new vulnerabilities are also discovered much too frequently.

Standard Windows logs have become better, and QRadar has free rules that can detect many attacks. If you enhance those Windows logs with the free Sysmon from Microsoft, QRadar can do real wonders detecting sophisticated and obfuscated attacks.

To prove this, I have pulled in two of the developers of those rules (Gladys Koskas and Mo), who are going to show concrete examples of that detection. I have also lined up a WinCollect developer (Josh Ryan), who is going to show how easy it is to set up WinCollect to send only significant Sysmon logs to QRadar with minimal EPS impact. After that, two engineers (Kevin and Stephen) from one QRadar customer will share how these technologies have enabled them to uncover bad guys while they are still trying.

We will close the session with 15 minutes for you to ask questions of these distinguished professionals.

Speakers
• Jose Bravo, Security Architect, North America at IBM Security
• Gladys Koskas, QRadar Content Development Lead at IBM Security
• Mololuwa Josiah, Security Content Developer at IBM Security
• Josh Ryan, Software Engineer at IBM Security
• Kevin Wood, Director, CISO
• Stephen Murphy, Associate Director, Cyber Security Operations