Earlier versions of QRadar Advisor with Watson

In case you missed a release, review a list of features from previous versions.

Version 2.5.3 (Released 20 July 2020)

Version 2.5.3 of the QRadar® Advisor with Watson™ app includes the following improvements:
  • Fixed an issue that caused proxy passwords to display unmasked. Passwords entered in the Proxy Configuration page are now masked with an asterisk.
  • Fixed an issue that caused pagination to be disabled on the Watson Investigations page.
  • Fixed an issue that caused UBA user searches to open a broken Relationship Graph.
  • Fixed an issue where the Relationship Graph was not providing clear reference links.

Version 2.5.2 (Released 19 February 2020)

Version 2.5.2 of the QRadar Advisor with Watson app includes the following new features and improvements:
  • Added the ability to map QRadar offense closing reasons to the suggested AI priority evaluation choices in the QRadar Advisor with Watson configuration wizard. Note: After you upgrade to 2.5.2, you should visit the configuration wizard to configure the Closing Reason Priority Mapping page. For more information, see Mapping closing reason priority.
  • Added the ability to automatically investigate offenses that are suggested by Watson. For more information, see Investigating offenses automatically.
  • Changed local nodes so that when they are deemed non-malicious, they are shown with a dash (-) to indicate a null value.
  • Fixed an issue that caused the wrong date to display in the "Relationship last seen" field on the Edge details pane.
  • Resolved an issue where the app used weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information stored in the app. For more information, see CVE-2019-4557.
  • Added support for custom SSL certificate validation with a transparent proxy.
  • Resolved an issue where the QRadar Advisor with Watson section on the Offenses tab never loads for some offenses.
  • Fixed an issue where the Property Mapping page never loads.

Version 2.5.0 (Released 05 December 2019)

Version 2.5.0 of the QRadar Advisor with Watson app includes the following new features and improvements:
  • Added the ability to review and add suggested property mappings. Note: After you upgrade to V2.5.0, you should review the Property Mapping configuration page to view any newly suggested property mappings. For more information, see Mapping custom properties in V2.5.0 and later.
  • Improved the user experience for configuring the app. For more information, see Configuring the QRadar Advisor with Watson app with the Configuration Wizard.
  • Added links for categories of the following node types: IP addresses, URLs, and Domain, when available.
  • Fixed an issue where properties could not be mapped from the Optimization configuration page.
  • Fixed an issue that caused the Evaluation column on the Watson Investigations page to appear blank.
  • Improved analysis by including L2L events or flows that involve MITRE ATT&CK Tactics and Techniques in the Relationship Graph.

Version 2.4.1 (Released 31 October 2019)

Version 2.4.1 of the QRadar Advisor with Watson app includes the following new features and improvements:
  • Added the Watson offense prioritization model. The model helps prioritize offenses in an offense queue so that the higher priority offenses can be addressed before you address the lower priority offenses. For more information, see Watson offense prioritization model.
  • Added the ability to provide feedback on Watson's evaluation of an offense. Note: All collected data is purged after the QRadar Advisor with Watson retention period.
  • Improved the Watson Investigations page by replacing the Concern column heading and concern scoring with an Evaluation column. The Evaluation column shows the priority of the offense (low or high) based on Watson's assessment.
  • Added the ability to view logs if the Offense Disposition Analysis (ODA) encounters failures.
  • Added the ability to configure automatic reinvestigation of offenses that were previously investigated. For more information, see Investigating offenses automatically.
  • Added the ability to export multiple analyses.
  • Added information to the investigation details page and the Relationship Graph to indicate where an observable was discovered.
  • Added pagination to the Watson Investigation page, including the ability to select the number of items to view per page.
  • Added the ability to specify a date and time range to search for an observable or set of observables on the network.

Version 2.3.0 (Released August 2019)

Version 2.3.0 of the QRadar Advisor with Watson app includes the following new features and improvements:
  • Added the ability to configure offense start time and last event and flow time in exact hours and minutes for automatic reinvestigation.
  • Added the ability to create a search investigation by using reference sets and multiple indicators (observables).
  • Added the ability to view investigation comparisons.
  • Added the ability to populate file action reference sets with default values.
  • Added notifications to inform users when XFE credentials are due to expire.
  • Added the ability for QRAW Administrators to manage user visibility of the offense disposition analysis (ODA) feature.
  • Added ReversingLabs to threat intelligence data sources.
  • Added the ability to copy reference URLs to the clipboard.
  • Added QRadar system notifications to notify users about QRAW app configuration issues.
  • Fixed an issue that caused investigations that have AQL-based custom property offense sources to fail.
  • Fixed an issue where 7.3.2 AQL was unable to handle more than one IF condition.
  • Added a topic that describes tips for tuning your QRadar deployment. For more information, see Getting started with the QRadar Advisor with Watson app.

Version 2.2.0 (Released June 2019)

Version 2.2.0 of the QRadar Advisor with Watson app includes the following new features and improvements:
  • Added the ability to filter observables on the Watson Investigation page.
  • Added the ability to view the current trend for an indicator or observable so that you can determine how recent or prevalent a potential threat might be.
  • Added the ability to view trending indicators and observables on the QRadar dashboard.
  • Added the ability to delete investigations on the Watson Investigations page.
  • Added the ability to view MITRE ATT&CK techniques that are associated with tactics.
  • Added the ability to view the source information on the details pane to see how a user was determined to be high value on the Relationship Graph.
  • Added the ability to configure a custom SSL certificate without specifying a proxy server.
  • Added the ability to define asset weights in the new Asset Identification section of the QRadar Advisor with Watson Configuration wizard.
  • Added icons to differentiate between a server and a non-server asset on the Relationship Graph.

Version 2.1.0 (Released March 2019)

Version 2.1.0 of the QRadar Advisor with Watson app includes the following new features and improvements:
  • Redesigned the Search Watson function so that you can search for specific indicator types from anywhere in QRadar.
  • Added a button to the Search pane to submit the search request.
  • Added the ability to view high value users and service accounts in investigation details and on the graph.
  • Indicators from prior investigations are now prioritized in future investigations on the graph.
  • Added the ability in the API to determine whether an investigation was submitted automatically or manually.
  • Added the ability in the API to retrieve investigations that were submitted after a specific date.
  • Added asset metadata to asset node details on the graph.
  • Added the ability to view log and flow sources for edge details on the graph.
  • Fixed an issue where the graph export pane was only partially visible.
  • Fixed an issue where Watson insights were not displayed on related investigation nodes on the graph.
  • Fixed an issue with displaying hashes and filenames on file nodes on the graph.

Version 2.0.1 (Released January 2019)

Version 2.0.1 of the QRadar Advisor with Watson app includes the following fixes and improvements:
  • Moved to V7.3.1 Patch 7 Interim Fix 1 as a minimum version due to a QRadar issue affecting the Cyber Adversary Framework Mapping Application.
  • Fixed an issue that caused too many automatic investigations to be queued at one time.
  • Changed Offense Disposition Analysis to run every 6 hours on closed offenses.
  • Added a filter to the View Logs button to show relevant logs for failed investigations.
  • Improved full search results for Domain Name searches.
  • Fixed an issue with reinvestigating user searches that are initiated from UBA.

Version 2.0.0 (Released December 2018)

Attention:
  • Version 2.0.0 of the QRadar Advisor with Watson app is supported only on QRadar V7.3.1 and later. QRadar Advisor with Watson V2.0.0 and later app releases are not supported on QRadar V7.2.8 and V7.3.0. Contact your support representative for an older, supported version (V1.17.0) of the app.
  • Memory requirements have increased to 1224 MB.

Version 2.0.0 of the QRadar Advisor with Watson app includes the following new features and improvements:
  • Redesigned the Watson investigations and the relationship graph screens to improve navigation and usability.
  • Added the ability to run multiple investigations from the Watson Investigations page.
  • Revised the text summaries for Watson insights, offenses, and reference summary.
  • Added filtering options for viewing high and low value assets on the relationship graph.
  • Added Offense Disposition Analysis visualization to view the historical breakdown of offense closing reasons.
  • Added the ability to view related investigations.
  • Improved clustering and pruning in the graph.
  • Added MITRE ATT&CK tactics visualization and the ability to customize your mappings with the Cyber Adversary Framework Mapping Application app.
  • Added the Cyber Adversary Framework Mapping Application app.