We are currently thinking about visualization possibilities to support and enhance the capabilities of our Security Operations team.
Are there mechanisms within QRadar that can be used, or otherwise APIs, methods, command line tools etc. to acquire that data, or even 3rd party tools that can support that (commercial or non-commercial)?
Has anyone already done this and can recommend a way to do this or at least point me in the right direction?
Two ideas for visualisation (inspired by http://www.networksecuritytoolkit.org):
Case 1: Offenses placed within our infrastructure on a world map leveraging Geo-IP and QRadar Topology Data
Case 2: Traffic originating from potential malicious networks to ours.
Thank you in advance for your help.

Posted by Advanced Persistent Troll