Imagine a world where adversaries harness the power of generative AI to amplify their attacks – a reality that is now more prevalent than ever. But did you ever wonder how to use AI in your Security Operations Center (SOC)?
This is why IBM Expert Labs Security has built QRadar Co-Analyst, the first AI agent for the QRadar SOC, integrating with QRadar SIEM, QRadar SOAR and any other products you have in production (including searching threat intelligence, the web or your knowledge base).
By accessing SOC tools like IBM QRadar SIEM and SOAR, this approach can produce impressive results quickly and is still flexible enough for your special use-cases. This not only allows the implementation of popular generative AI patterns like summarization for single offenses and incidents but also doing the same across multiple offenses/incidents (e.g., filtered by the associated user). All this can be achieved effortlessly by communicating tasks in natural language to the Co-Analyst.
The approach even enables the delegation of simple to medium tasks to the AI agent. This can improve the performance of entry-level analysts by providing valuable cybersecurity context while also increasing the efficiency of your senior analysts.
From a technical perspective, the current prototype runs as a QRadar SIEM app that is built on the open-source Bee Agent Framework. It is inclined towards a watsonx.ai deployment for LLM (Large Language Model) inferencing but can also adapt to various deployment options tailored to specific client needs.
We would love to hear your thoughts on the approach. What specific tasks do you envision assigning to your Co-Analyst? Please comment below.
Are you ready for a short demo or a proof-of-concept running inside your environment? Please write a mail to tels.apps@ibm.com or contact me directly.