Use cases and user personas

You can use the IBM® Security QRadar® Network Visibility dashboards for threat hunting and alert training, and to gain insights into the network traffic in the environment. Use the dashboards for investigating network traffic or as a reference point for overall network behavior.

Network traffic provides a rich source of information that you can use to detect a wide range of cyberattacks in any environment. The widgets on each of the three dashboards target a number of different use cases, many of which align with MITRE ATT&CK tactics and techniques. The following table groups example techniques by the ATT&CK tactic they belong to:

Table 1. Use case examples

MITRE ATT&CK tactic     Example techniques
Initial Access          Spear Phishing, External Remote Services, and more
Execution               Exploitation for Client Execution, User Execution, and more
Persistence             Port Knocking, Create Account, and more
Defense Evasion         Masquerading, Obfuscated Files or Information, and more
Credential Access       Network Sniffing, Brute Force, and more
Discovery               Remote System Discovery, Network Service Scanning, and more
Lateral Movement        SSH Hijacking, Remote File Copy, and more
Collection              Automated Collection, Data from Network Shared Drive, and more
Command and Control     Uncommonly Used Port, Data Obfuscation, and more
Exfiltration            Exfiltration Over Alternative Protocol, Data Transfer Size Limits, and more
Impact                  Network Denial of Service, Resource Hijacking, and more

For more information about the tactics and techniques, see MITRE ATT&CK (https://attack.mitre.org/). The technique names in Table 1 follow the ATT&CK version that was current when the table was written; some have since been renamed in the framework (for example, Remote File Copy is now Ingress Tool Transfer, and Uncommonly Used Port is now Non-Standard Port), so check the current matrix when you map dashboard findings to technique IDs.
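To make the mapping in Table 1 concrete, the following added example (not QRadar Network Visibility code and not IBM's rule logic) runs three simple flow-based heuristics over a constructed set of flow records and labels each finding with the ATT&CK tactic it supports: a source touching many ports on one host (Discovery, Network Service Scanning), a burst of failed connections followed by a successful one to a previously closed service (Persistence, Port Knocking), and repeated outbound flows of near-identical size to one destination (Exfiltration, Data Transfer Size Limits). The field names on the Flow record, the thresholds, and the sample traffic are all assumptions chosen for illustration; real flow records and tuning will differ.

```python
"""Illustrative flow-based detections mapped to MITRE ATT&CK tactics.

Added example, not QRadar Network Visibility code. The Flow fields below
are an assumption that loosely follows what a flow collector exports.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int          # seconds since epoch (constructed values)
    src: str
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    bytes_out: int   # bytes sent from src to dst
    completed: bool  # TCP handshake completed (False for RST or timeout)


def detect_service_scanning(flows, min_ports=10):
    """Discovery / Network Service Scanning: one source touching at least
    min_ports distinct destination ports on a single host."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    return sorted(pair for pair, p in ports.items() if len(p) >= min_ports)


def detect_port_knocking(flows, open_port=22, min_knocks=3, window=10):
    """Persistence / Port Knocking: at least min_knocks failed TCP connections
    to distinct ports, followed within `window` seconds by a completed
    connection to open_port on the same host from the same source."""
    hits = set()
    by_pair = defaultdict(list)
    for f in flows:
        if f.proto == "tcp":
            by_pair[(f.src, f.dst)].append(f)
    for pair, fl in by_pair.items():
        fl.sort(key=lambda f: f.ts)
        for i, f in enumerate(fl):
            if not (f.completed and f.dport == open_port):
                continue
            knocks = {k.dport for k in fl[:i]
                      if not k.completed and f.ts - k.ts <= window}
            if len(knocks) >= min_knocks:
                hits.add(pair)
    return sorted(hits)


def detect_chunked_transfer(flows, min_flows=5, max_spread=0.05):
    """Exfiltration / Data Transfer Size Limits: at least min_flows flows to
    one destination and port whose sizes stay within max_spread of the mean,
    which is what fixed-size chunking looks like on the wire."""
    sizes = defaultdict(list)
    for f in flows:
        sizes[(f.src, f.dst, f.dport)].append(f.bytes_out)
    hits = []
    for key, s in sizes.items():
        if len(s) < min_flows:
            continue
        mean = sum(s) / len(s)
        if mean > 0 and max(abs(x - mean) for x in s) / mean <= max_spread:
            hits.append(key)
    return sorted(hits)


def map_to_attack(flows):
    """Run all detections and return the findings keyed by ATT&CK tactic."""
    return {
        "Discovery": detect_service_scanning(flows),
        "Persistence": detect_port_knocking(flows),
        "Exfiltration": detect_chunked_transfer(flows),
    }


# Constructed sample flows (not captured traffic); addresses are private
# and documentation ranges.
SAMPLE_FLOWS = (
    # Scan: 10.0.0.5 probes 12 ports on 10.0.0.20, none complete
    [Flow(100 + i, "10.0.0.5", "10.0.0.20", 20 + i, "tcp", 60, False)
     for i in range(12)]
    # Port knocking: three refused knocks, then SSH completes
    + [Flow(200, "10.0.0.7", "10.0.0.30", 7000, "tcp", 60, False),
       Flow(201, "10.0.0.7", "10.0.0.30", 8000, "tcp", 60, False),
       Flow(202, "10.0.0.7", "10.0.0.30", 9000, "tcp", 60, False),
       Flow(204, "10.0.0.7", "10.0.0.30", 22, "tcp", 4200, True)]
    # Chunked exfiltration: six uploads of about 1 MiB each to one host
    + [Flow(300 + i, "10.0.0.9", "203.0.113.10", 443, "tcp", 1048576 + i, True)
       for i in range(6)]
    # Benign: a single ordinary HTTPS session
    + [Flow(400, "10.0.0.9", "203.0.113.20", 443, "tcp", 2311, True)]
)

if __name__ == "__main__":
    for tactic, hits in map_to_attack(SAMPLE_FLOWS).items():
        print(f"{tactic}: {hits}")
```

Each heuristic is deliberately coarse: in production you would scope the port-scan threshold per subnet, require the knock ports to be ones the host does not normally serve, and compare chunked-transfer volume against the source's historical baseline before raising an offense.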