Watson offense prioritization model

The Watson offense prioritization model in the QRadar® Advisor with Watson™ app helps prioritize offenses that are in your offense queue so that you can address higher priority offenses before you address offenses with a lower priority. You can also map QRadar offense closing reasons to the suggested AI priority evaluation choices to automate AI feedback collection.

The prioritization AI model is built with a supervised learning approach. In supervised learning, the model is presented with a data point and is taught what that data point represents. For example, the model is presented with a picture of a dog labeled "Dog", a picture of a cat labeled "Not a Dog", and a picture of a giraffe labeled "Not a Dog".

The model learns from prioritized offenses, based on whether you agree or disagree with the model's output, and so learns the priorities for your SOC. Offenses are labeled as "High" or "Low" depending on the evaluations that you provide.

If you think that you are not getting the results that you should, make sure that you have provided at least 500 evaluations on offenses (preferably by agreeing or disagreeing with the High Priority or Low Priority determinations that the model makes).

Offense metadata is collected for each offense, including geographic information and the observables attached to the offense. Information about your QRadar deployment, such as the types of log sources and rule names, is also collected.
Note: The model crowdsources data from all QRadar Advisor with Watson customers who agreed to provide their data.