Nilesh Patel has just published a new how-to guide in the Security on developerWorks community titled "Auto-Assigning QRadar Offenses." This article will be of interest to security admins who have large volumes of QRadar offenses to manage.
Here's the abstract:
In today's dynamic infrastructure world, every organization runs with multiple Lines of Business (LOB) such as Network, Application, Platform and so on. Security Intelligence is the layer which actually sits on top of all LOBs; and a product like IBM Security QRadar vastly expands the capabilities of traditional SIEMs by incorporating new analytics techniques and broader intelligence. Unlike any other SIEM in the market today, IBM Security QRadar captures all activity on the network for assets, users and attackers before, during, and after an exploit and analyses all suspected incidents in this context. IBM Security QRadar notifies a user about 'Offenses', which are a correlated set of incidents with all associated network, asset, vulnerability and identity context. This article explains a solution to automatically assign offenses to a QRadar user, who could belong to the Security Operation Center (SOC) team or an LOB.