Use cases and user personas
You can use the IBM® Security QRadar® Network Visibility dashboards for threat hunting and alert training, and to gain insights into the network traffic in the environment. Use the dashboards for investigating network traffic or as a reference point for overall network behavior.
Network traffic provides a rich source of information that you can use to detect a wide range of cyberattacks in any environment. The widgets on each of the three dashboards target a number of different use cases, many of which align with MITRE ATT&CK tactics and techniques. The following table lists some examples:
| Use case (MITRE ATT&CK tactic) | Example MITRE ATT&CK techniques |
|---|---|
| Initial Access | Spear Phishing, External Remote Services and more. |
| Execution | Exploitation for Client Execution, User Execution and more. |
| Persistence | Port Knocking, Create Account and more. |
| Defense Evasion | Masquerading, Obfuscated Files or Information and more. |
| Credential Access | Network Sniffing, Brute Force and more. |
| Discovery | Remote System Discovery, Network Service Scanning and more. |
| Lateral Movement | SSH Hijacking, Remote File Copy and more. |
| Collection | Automated Collection, Data from Network Shared Drive and more. |
| Command and Control | Uncommonly Used Port, Data Obfuscation and more. |
| Exfiltration | Exfiltration Over Alternative Protocol, Data Transfer Size Limits and more. |
| Impact | Network Denial of Service, Resource Hijacking and more. |
For more information about the tactics and techniques, see MITRE ATT&CK (https://attack.mitre.org/).