Co-authored by Jason Leger.
We are pleased to announce that IBM QRadar Advisor with Watson (QRAW) release 2.3 is now available. Below are highlights of new features/enhancements included in this release:
Full Search Investigation using Reference Sets or Multiple Indicators list:
- This feature allows analysts to create full search investigations from one or more sets of observables that they have stored in reference sets/maps, so they can look for indications of compromise in the network without having to generate an offense from that data.
- In addition, the user now has the option to create a full search investigation from a list of multiple indicators of different types.
- These features will allow the analyst to leverage the power of QRadar Advisor with Watson analytics and enrichment with their own threat intel.



Re-Investigation Comparison
- This feature gives the analyst the ability to re-do an investigation and allows the user to see what has changed since the previous investigation.
- After a re-investigation, the list of indicators will now be labeled as New, Same or Deleted.

Pre-populate File Action reference sets with default values
- This feature pre-populates AV action reference sets for file action taken values (blocked vs. allowed) so that customers have default values for this feature. This helps SIEM administrators, as they don't have to configure AV action values in the reference sets unless they have uncommon action fields.
Admin control over ODA/AI result visibility
- This feature gives the admin the ability to hide ODA/AI results from specific users.
Addition of a New Threat Intelligence Source
- ReversingLabs was added as a new Threat Intelligence source.
Click here to learn more about QRadar Advisor with Watson release 2.3
Click here to upgrade to QRadar Advisor with Watson release 2.3