Use cases and user personas
You can use the IBM® Security QRadar® Network Visibility dashboards for threat hunting and alert training, and to gain insights into the network traffic in the environment. Use the dashboards for investigating network traffic or as a reference point for overall network behavior.
Network traffic provides a rich source of information that you can use to detect a vast range of cyberattacks in any environment. The widgets on each of the three dashboards target a number of different use cases. Many of these use cases align with MITRE ATT&CK tactics and techniques. The following table lists some examples:
|Use cases|MITRE ATT&CK tactics and techniques|
|---|---|
|Initial Access|Spear Phishing, External Remote Services and more.|
|Execution|Exploitation for Client Execution, User Execution and more.|
|Persistence|Port Knocking, Create Account and more.|
|Defense Evasion|Masquerading, Obfuscated Files or Information and more.|
|Credential Access|Network Sniffing, Brute Force and more.|
|Discovery|Remote System Discovery, Network Service Scanning and more.|
|Lateral Movement|SSH Hijacking, Remote File Copy and more.|
|Collection|Automated Collection, Data from Network Shared Drive and more.|
|Command and Control|Uncommonly Used Port, Data Obfuscation and more.|
|Exfiltration|Exfiltration Over Alternative Protocol, Data Transfer Size Limits and more.|
|Impact|Network Denial of Service, Resource Hijacking and more.|
For more information about the tactics and techniques, see MITRE ATT&CK (https://attack.mitre.org/).