Viewing details for the selected observable or relationship
You can learn more about the selected observable or relationship from the details panes on the QRadar® Advisor with Watson™ Relationship Graph.
The Relationship Graph shows the relationships for observables that are returned from local, Watson enriched, and new local context investigations. You can click any node or edge in the graph to see more details.
Observable details
Click any observable to open the details pane, which shows the information that is associated with the observable.
Depending on the observable you select, you might see the following details:
- Insights: Shows the relevance scores, toxicity scores, trending calendar, and other insights depending on the observable type and the context of the offense.
- MITRE ATT&CK Tactics & Techniques: Shows all of the tactics and any related techniques that are identified for an offense.
- X-Force Exchange Report: Shows relevant reports for IP, hash, and URL.
- WHOIS Record: Shows ownership of IP addresses and domains that appear in the graph.
- Asset Information: Shows the information that is available for the asset, such as the asset name, description, and host details. If the asset is in an Asset Profile, click the IP address to open the Asset Summary page in QRadar. In the Host Definitions section, you can view custom Building Blocks if their names follow this convention: `BB:HostReference:` or `BB:HostDefinition:`.
- Associated file names
- Hashes: Shows the type and value of the hashes.
- Reputation: Indicates the reputation of the observable.
- Included AV Signatures: Shows anti-virus signatures and when they were last seen.
- Threat Intelligence Sets Matched: Indicates if the observable was matched to any mapped reference sets.
- Associated categories: Indicates any categories that are associated with the observable.
- User Profile: Shows user information that is extracted from the User Behavior Analytics (UBA) app if the UBA app is installed.
- References: Shows the following associated data sources and the confidence level of the source:
  - IBM® X-Force® Exchange
  - Trusted Business Partner threat intelligence
    Note: Because of licensing restrictions, the data provider is not displayed.
Relationship details
You can click a relationship or edge to open the Edge Details pane. On the Edge Details pane, you can learn more about the relationship between the observables.
Depending on the relationship or edge you select, you might see the following data for each associated edge:
- Relationship last seen: Shows the date that the relationship was last observed.
- Relationship type: Describes how the observables are associated.
- Connection status: Shows blocked events and flows between a local and remote endpoint.
- Concern: Shows the level of concern for the edge.
- Log and Flow Source: Shows local log sources.
- Direction: Shows the type of investigation where the edge originated (source) and terminated (target).
- Type: Shows the observable type.
- Description: Shows the description for the observable type.
- Observable last seen: Shows the date that the observable was last observed.
- Trend: Shows the trend with the number of times an observable was seen in the last 90 days.
- X-Force Exchange Report: Relevant reports are shown for IP, hash, and URL.
- Reputation: Indicates the reputation of the relationship.
- Associated categories: Indicates any categories that are associated with the relationship.
- References: Shows the following associated data sources and the confidence level of the source:
  - IBM X-Force Exchange
  - Trusted Business Partner threat intelligence
    Note: Because of licensing restrictions, the data provider is not displayed.