Exploring security rule use cases with Detection and Response Center
The IBM® Detection and Response Center provides a unified overview of your organization's security posture through use cases from different security tools and platforms.
IBM Detection and Response Center supports rules from QRadar® and the Sigma community. Sigma rules, which are enhanced by STIX patterns, are used by Threat Investigator in its investigations. You can also run the STIX patterns in Data Explorer. For more information, see the Sigma rules repository at https://github.com/SigmaHQ/sigma and its license, the Detection Rule License (DRL) 1.1.
Explore rules through visualization and reports
- Explore the rules through different filters.
- Customize reports to see only the information that is critical to your analysis.
- Run STIX patterns from Sigma rules in Data Explorer.
Visual threat coverage across the MITRE ATT&CK framework
- Visually understand your ability to detect threats based on ATT&CK tactics and techniques.
- Use new insights to prioritize the rollout of new use cases and apps to effectively strengthen your security posture.