The Investigation Assistant uses IBM watsonx™ to provide a summary of an offense in your QRadar
environment.
An offense summary helps security analysts understand attack vectors that might affect hostnames,
users, and the source or destination IP. The suggested actions are used by security experts for more
research and mitigation.
The Investigation Assistant app includes the following key capabilities:
Offense summary
The Investigation Assistant app generates accurate offense summaries that help security analysts
quickly investigate and mitigate risks. By using accurate offense summaries, a security analyst can
rapidly comprehend critical details about an offense, including the attack vector, affected users,
and assets.
Recommended actions
The offense summary feature also comes with recommended actions that include both long-term and
short-term measures. These measures help to mitigate the immediate risk and to proactively avoid
future attacks, which makes it easier to eliminate uncertainty and take prompt action in response to
serious risks.
Support as a cybersecurity expert
By using the Investigation Assistant app, a security analyst finds all information that is related
to cybersecurity. The app always stays in the context of IBM QRadar and cybersecurity.
The following diagram summarizes the data flows for the Investigation Assistant.
Figure 1. Investigation Assistant data flow diagram