Manage common offenses detected by QRadar SIEM
How to protect your assets and information from advanced threats
QRadar comes with many predefined rules for monitoring your environment. In most environments, your screen will fill up quickly with detected offenses that require your attention.
In these four videos, learn the capabilities of QRadar and get acquainted with its intuitive interface, as you see how to manage the most commonly detected offenses.
Part 1: Offenses 1025, 885, 953
- Offense 1025 - XForce: Connection to a known malware site is detected
- Offense 885 - Distributed Denial of Service attack detected
- Offense 953 - Authentication attempt by unauthorized user
Part 2: Offenses 911, 995, 929
- Offense 911 - Potential data loss
- Offense 995 - Potential data loss
- Offense 929 - Potentially successful exploit
Part 3: Offenses 916, 938, 906
- Offense 916 - Traffic from untrusted network to trusted network
- Offense 938 - Sensitive in transit
- Offense 906 - OS attack
Part 4: Offenses 901, 898, and an intro to QRadar Risk Manager policies
- Offense 901 - Assess devices that allow banned protocols from the Internet
- Offense 898 - Compliance: Detect assets using out-of-policy protocols within regulatory networks
Jose also demonstrates how to use a Risk Manager policy to identify assets with high-risk vulnerabilities that are exploitable from the Internet.