Confidence in identifying threats

In this scenario, an organization is alerted to a specific threat, exploit, or vulnerability. To justify remediation efforts that might otherwise take priority over normal business operations, it wants to quantify a confidence interval for the associated risk.

Objective

To resolve the problem in these investigations, the organization has the following objectives:

  • Validate the susceptibility to the security risk.
  • Determine whether there is evidence of the security risk.
  • Assess the breadth and monetary impact of the security risk.
  • Understand the nature of the security risk.

Investigation

Use the tools on the Forensics tab to help you investigate.

[Figure: options available in the Forensics tab to help you investigate: document search, Digital Impression, Visualizations, Surveyor, and data pivoting.]
  1. Use free-form search, suspect content, and data-pivoting to search for the threat, exploit, or vulnerability by using potentially targeted entities as a starting point.
  2. Use free-form search and data-pivoting to compile occurrences.
  3. Use free-form search to cross-reference documents that might indicate the impact.
  4. Use Digital Impression and visualizations to identify the affected entities.
  5. Use Surveyor to analyze the activities that are associated with the threat or perpetrator.
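The five steps above can be modelled outside the product to see what each one contributes to the confidence estimate. The following Python is an added example; it is not QRadar Incident Forensics code and does not use its API. It runs the same workflow over a constructed set of recovered documents: a free-form search for the threat string, data pivoting on source and destination, occurrence counts per entity, a breadth measure (share of the potentially targeted entities that show evidence), and a Surveyor-style look at what each affected entity did after first contact. The record layout, the threat string `EXAMPLE-EXPLOIT-STRING`, the hosts, and the function names are all assumptions made for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """One recovered document. Constructed stand-in for a forensic case record."""
    ts: str    # ISO-8601 UTC, so plain string order equals time order
    src: str   # source entity (host)
    dst: str   # destination entity (host or external peer)
    kind: str  # protocol or document type
    text: str  # reconstructed content that free-form search runs over


# Constructed sample case. Addresses come from documentation ranges; the
# threat string is a placeholder, not a real indicator.
RECORDS = [
    Record("2024-01-10T08:00:00Z", "10.0.0.5", "203.0.113.9", "http", "GET /update.php?pl=EXAMPLE-EXPLOIT-STRING"),
    Record("2024-01-10T08:02:00Z", "10.0.0.5", "203.0.113.9", "http", "POST /beacon EXAMPLE-EXPLOIT-STRING stage2"),
    Record("2024-01-10T09:15:00Z", "10.0.0.7", "203.0.113.9", "http", "GET /update.php?pl=example-exploit-string"),
    Record("2024-01-11T11:00:00Z", "10.0.0.9", "198.51.100.4", "smtp", "Subject: quarterly report"),
    Record("2024-01-11T12:30:00Z", "10.0.0.7", "10.0.0.20", "smb", "file copy finance.xlsx"),
    Record("2024-01-12T07:45:00Z", "10.0.0.11", "203.0.113.9", "dns", "query for update.example"),
]


def free_form_search(records, term):
    """Step 1: case-insensitive substring search over document content."""
    t = term.lower()
    return [r for r in records if t in r.text.lower()]


def pivot(records, field):
    """Data pivoting: group records by the value of one attribute."""
    groups = defaultdict(list)
    for r in records:
        groups[getattr(r, field)].append(r)
    return dict(groups)


def compile_occurrences(records, term):
    """Step 2: how many matching documents each source entity produced."""
    return Counter(r.src for r in free_form_search(records, term))


def assess_breadth(records, term, targeted):
    """Steps 3 to 5: affected entities, share of targeted entities with
    evidence, time window, follow-on activity, and entities related only
    by sharing an external peer (found by pivoting on destination)."""
    hits = free_form_search(records, term)
    affected = sorted({r.src for r in hits})
    peers = sorted({r.dst for r in hits})
    first_seen = min((r.ts for r in hits), default=None)
    last_seen = max((r.ts for r in hits), default=None)

    # Surveyor-style view: what affected entities did after first contact,
    # excluding the matching documents themselves.
    by_src = pivot(records, "src")
    follow_on = [r for h in affected for r in by_src.get(h, [])
                 if r not in hits and r.ts >= first_seen]

    # Pivot on destination: entities that reached the same external peer
    # but carry no matching content. They widen the search, not the evidence.
    by_dst = pivot(records, "dst")
    related_by_peer = sorted({r.src for p in peers for r in by_dst.get(p, [])
                              if r.src not in affected})

    targeted = set(targeted)
    confirmed = sorted(targeted & set(affected))
    return {
        "affected_hosts": affected,
        "occurrences": compile_occurrences(records, term),
        "targeted_total": len(targeted),
        "targeted_with_evidence": len(confirmed),
        "evidence_share": len(confirmed) / len(targeted) if targeted else 0.0,
        "first_seen": first_seen,
        "last_seen": last_seen,
        "follow_on_activity": follow_on,
        "related_by_peer": related_by_peer,
        "external_peers": peers,
    }


if __name__ == "__main__":
    report = assess_breadth(RECORDS, "EXAMPLE-EXPLOIT-STRING",
                            ["10.0.0.5", "10.0.0.7", "10.0.0.9", "10.0.0.11"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

The `evidence_share` figure is the quantity the scenario asks for: of the entities the alert named as potentially targeted, the fraction for which the case actually contains matching documents. The `related_by_peer` list is deliberately kept apart from `affected_hosts`; contact with the same external peer is a reason to search further, not evidence of the threat on that host.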