Manage common offenses detected by QRadar SIEM

How to protect your assets and information from advanced threats

In a series of four videos, Jose Bravo shows you how to manage 11 of the most common security offenses detected by IBM Security QRadar® SIEM. QRadar consolidates log source event data from thousands of devices, endpoints, and applications distributed throughout a network. It normalizes and correlates the raw data as it arrives, so that real threats can be distinguished from false positives.


Jose F. Bravo, Systems Engineer and Authorization Security Expert, IBM

Jose Bravo is a 26-year IBM Security subject matter expert. He recently joined the IBM Security Tiger Team. A prolific video educator, Bravo's main area of expertise is strong authentication; he has seven patents in that field. His BS in Electronic Engineering is from Simon Bolivar University, and his Master of Science in Computer and Systems Engineering is from Rensselaer Polytechnic Institute.



07 July 2014


Introduction

QRadar comes with many predefined rules for monitoring your environment. In most environments, your screen will fill up quickly with detected offenses that require your attention.

In these four videos, learn the capabilities of QRadar and get acquainted with its intuitive interface, as you see how to manage the most commonly detected offenses.
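To make the normalize-and-correlate workflow described above concrete, here is a small added example (not code from the videos, and not QRadar's own rule engine, which is far richer): two constructed log-source formats, an sshd syslog line and a Windows-style 4625 logon-failure export, are mapped onto one common event schema, and a toy sliding-window rule then raises an offense when one source IP produces several authentication failures inside a short window. A suppression list stands in for the tuning you would do to keep an authorised vulnerability scanner from generating a false-positive offense. The sample lines, the year assumed for the syslog timestamps, the rule name, the threshold and the scanner address are all constructed for this illustration.

```python
"""Toy SIEM pipeline: normalize raw lines from two log sources, then correlate
authentication failures per source IP into an offense. Constructed example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

ASSUMED_YEAR = 2014  # syslog lines carry no year; assumption for this example

# Constructed sample events (not real logs). An sshd syslog source, a Windows
# security-log export, and one unrelated cron line the toy parsers ignore.
RAW_EVENTS = [
    "Mar 10 09:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2",
    "Mar 10 09:00:03 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2",
    "Mar 10 09:00:05 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 50213 ssh2",
    "Mar 10 09:00:06 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 50214 ssh2",
    "Mar 10 09:00:08 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 50215 ssh2",
    "Mar 10 09:00:09 bastion sshd[1201]: Accepted publickey for deploy from 198.51.100.4 port 40001 ssh2",
    "Mar 10 09:00:12 bastion CRON[77]: pam_unix(cron:session): session opened for user root",
    "2014-03-10T09:00:10Z WIN-DC01 EventID=4625 TargetUserName=jdoe IpAddress=203.0.113.7 Status=0xC000006D",
    "2014-03-10T09:00:11Z WIN-DC01 EventID=4625 TargetUserName=svc-scan IpAddress=192.0.2.9 Status=0xC000006D",
    "2014-03-10T09:00:12Z WIN-DC01 EventID=4625 TargetUserName=svc-scan IpAddress=192.0.2.9 Status=0xC000006D",
    "2014-03-10T09:00:13Z WIN-DC01 EventID=4625 TargetUserName=svc-scan IpAddress=192.0.2.9 Status=0xC000006D",
]

# Hypothetical tuning: an authorised internal scanner whose failures are expected.
AUTHORIZED_SCANNERS = frozenset({"192.0.2.9"})

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
WIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>[\d.]+)"
)


def normalize(raw):
    """Map one raw line onto the common schema; None if no parser understands it."""
    m = SYSLOG_RE.match(raw)
    if m:
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        category = "auth.failure" if m["outcome"].startswith("Failed") else "auth.success"
        return {"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                "category": category, "log_source": "linux-sshd"}
    m = WIN_RE.match(raw)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        category = "auth.failure" if m["eid"] == "4625" else "auth.success"  # 4625 = logon failure
        return {"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                "category": category, "log_source": "windows-security"}
    return None


def correlate(events, threshold=3, window=timedelta(seconds=60), suppressed_sources=frozenset()):
    """Sliding-window rule: `threshold` or more auth failures from one source IP
    inside `window` raise one offense for that source; later failures from the
    same source are folded into the same offense. Suppressed sources never fire."""
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] == "auth.failure":
            failures[ev["src_ip"]].append(ev)
    offenses = []
    for src_ip, evs in failures.items():
        if src_ip in suppressed_sources:
            continue
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1  # slide the window forward past stale failures
            if end - start + 1 >= threshold:
                offenses.append({
                    "rule": "Multiple login failures from a single source",  # toy rule name
                    "src_ip": src_ip,
                    "count": len(evs),
                    "first_seen": evs[0]["ts"],
                    "last_seen": evs[-1]["ts"],
                    "users": sorted({e["user"] for e in evs}),
                    "log_sources": sorted({e["log_source"] for e in evs}),
                })
                break
    return offenses


def run_pipeline(raw_lines, suppressed_sources=frozenset()):
    """Normalize every line, drop what no parser understands, then correlate."""
    events = [e for e in map(normalize, raw_lines) if e is not None]
    return correlate(events, suppressed_sources=suppressed_sources)


if __name__ == "__main__":
    for offense in run_pipeline(RAW_EVENTS, AUTHORIZED_SCANNERS):
        print(offense)
```

Run without the suppression list and the scanner at 192.0.2.9 raises a second offense, which is exactly the kind of noise the videos show you tuning out; with it, only the external source that failed against both the bastion and the domain controller is left, and the offense already carries the cross-log-source view (which users were tried, from where, over which period) that you want when you open it.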


Part 1: Offenses 1025, 885, 953

Video: Manage common offenses detected by QRadar SIEM, Part 1 | 8:52
  • Offense 1025 - X-Force: Connection to a known malware site is detected
  • Offense 885 - Distributed Denial of Service attack detected
  • Offense 953 - Authentication attempt by unauthorized user

Part 2: Offenses 911, 995, 929

Video: Manage common offenses detected by QRadar SIEM, Part 2 | 8:15
  • Offense 911 - Potential data loss
  • Offense 995 - Potential data loss
  • Offense 929 - Potentially successful exploit

Part 3: Offenses 916, 938, 906

Video: Manage common offenses detected by QRadar SIEM, Part 3 | 7:13
  • Offense 916 - Traffic from untrusted network to trusted network
  • Offense 938 - Sensitive in transit
  • Offense 906 - OS attack

Part 4: Offenses 901, 898, and an intro to QRadar Risk Manager policies

Video: Manage common offenses detected by QRadar SIEM, Part 4 | 6:17
  • Offense 901 - Assess devices that allow banned protocols from the Internet
  • Offense 898 - Compliance: Detect assets using out-of-policy protocols within regulatory networks

Jose also demonstrates how to use a Risk Manager policy to identify assets with high-risk vulnerabilities that are exploitable from the Internet.
