QRadar Use Case Manager app

Use the guided tips in the IBM® QRadar® Use Case Manager app to help you ensure that IBM QRadar is optimally configured to accurately detect threats throughout the attack chain.

QRadar Use Case Manager includes a use case explorer that offers flexible reports about your rules. It also exposes the predefined mappings of system rules to MITRE ATT&CK tactics and techniques, and helps you map your own custom rules to them.

Explore rules through visualization and generated reports

  • Explore the rules through different filters to ensure that they work as intended.
  • Generate reports from predefined templates, such as searches based on rule response and actions, log source coverage, and many others.
  • Customize reports to see only the information that is critical to your analysis.

Tune your environment based on built-in analysis

  • Gain tuning recommendations unique to your environment right within the app.
  • Identify the topmost offense-generating or CRE-generating rules, and then follow the guide to tune them.
  • Reduce the number of false positives by reviewing the most common configuration steps. Easily update network hierarchy, building blocks, and server discovery based on recommendations.

Visualize threat coverage across the MITRE ATT&CK framework

  • Visually understand your ability to detect threats based on ATT&CK tactics and techniques.
  • View predefined QRadar tactic and technique mappings and add your own custom mappings to help ensure complete coverage.
  • Use new insights to prioritize the rollout of new use cases and apps to effectively strengthen your security posture.