Risk assessments

In this scenario, a security bulletin that outlines certain vulnerabilities, exploits, or malicious behavior prompts an organization to do a risk assessment. The risk assessment determines whether the organization is susceptible or is already compromised.

Objective

In these investigations, the organization has these objectives:

  • Assess the presence of identified vulnerabilities in the organization.
  • Detect the malicious presence of external parties.
  • Uncover evidence of any compromise.
  • Determine whether the organization is a victim of an exploit.
  • Determine the identity of the user involved.

Investigation

Use the tools on the Forensics tab to help you investigate.

[Image: the options available in the Forensics tab to help you investigate the problem, with links to Document search, Surveyor, and document reconstruction.]
  1. Use free-form search to search for traits of vulnerabilities, exploits, or other malicious behavior that is specified in the security bulletin.
  2. Use free-form search to cross-reference research or other data to derive indicators.
  3. Use Surveyor to investigate interactions that possibly exploited vulnerabilities that were identified.
  4. Examine suspect content that is flagged by the product.
  5. Review content that underlies potentially risky interactions by using data reconstruction.
  6. Use Surveyor to retrace the activities of potentially risky entities.
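The following script is an added example that is not part of the original page and is not QRadar code; it mirrors steps 1 to 3 and 6 of the procedure on a small set of constructed records, so the logic behind the workflow is visible outside the product. It assumes a hypothetical bulletin that names a contact domain, a user agent, and a URI fragment (all made up here), and a constructed set of reconstructed DNS/HTTP records of the kind a forensics index exposes. It first searches every record for any bulletin indicator, then lists the source hosts that matched, and finally retraces all activity of each suspect host in time order, including records that matched no indicator, which is what reveals follow-on activity after the suspect contact.

```python
"""Added example (not QRadar code): indicator search over constructed records,
then retrace the activity of each host that matched an indicator."""
from typing import Dict, List

Record = Dict[str, str]

# Constructed sample: indicators derived from a hypothetical security bulletin.
# The domain, user agent and URI fragment are invented for this example.
BULLETIN_INDICATORS: Dict[str, set] = {
    "domains": {"update-check.example-bad.test"},
    "user_agents": {"Mozilla/4.0 (compatible; MSIE 6.0; Win32)"},
    "uri_fragments": {"/cgi-bin/upd.cgi?key="},
}

# Constructed sample of reconstructed DNS/HTTP records in the shape a forensics
# index might expose: timestamp, source host, protocol, destination host, URI, user agent.
RECORDS: List[Record] = [
    {"ts": "2024-03-01T09:12:04", "src": "10.0.5.17", "proto": "dns",
     "host": "intranet.corp.test", "uri": "", "ua": ""},
    {"ts": "2024-03-01T09:15:31", "src": "10.0.5.17", "proto": "dns",
     "host": "update-check.example-bad.test", "uri": "", "ua": ""},
    {"ts": "2024-03-01T09:15:32", "src": "10.0.5.17", "proto": "http",
     "host": "update-check.example-bad.test", "uri": "/cgi-bin/upd.cgi?key=abc",
     "ua": "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"},
    {"ts": "2024-03-01T09:40:10", "src": "10.0.5.17", "proto": "http",
     "host": "fileshare.corp.test", "uri": "/export/payroll.zip", "ua": "curl/8.4.0"},
    {"ts": "2024-03-01T10:02:55", "src": "10.0.7.42", "proto": "http",
     "host": "www.vendor.test", "uri": "/index.html", "ua": "Mozilla/5.0"},
]


def matched_indicators(rec: Record, indicators: Dict[str, set] = BULLETIN_INDICATORS) -> List[str]:
    """Return the indicator classes (domain, user_agent, uri) that this record matches."""
    hits: List[str] = []
    if rec["host"] in indicators["domains"]:
        hits.append("domain")
    if rec["ua"] in indicators["user_agents"]:
        hits.append("user_agent")
    if any(frag in rec["uri"] for frag in indicators["uri_fragments"]):
        hits.append("uri")
    return hits


def search(records: List[Record], indicators: Dict[str, set] = BULLETIN_INDICATORS) -> List[Record]:
    """Steps 1 and 2: search every record for any indicator taken from the bulletin."""
    return [r for r in records if matched_indicators(r, indicators)]


def retrace(records: List[Record], entity: str) -> List[Record]:
    """Step 6: every record for one source host in time order, whether or not it
    matched an indicator, so activity after the suspect contact becomes visible."""
    return sorted((r for r in records if r["src"] == entity), key=lambda r: r["ts"])


def assess(records: List[Record] = RECORDS, indicators: Dict[str, set] = BULLETIN_INDICATORS) -> dict:
    """Run the search, list the suspect source hosts, and build a timeline per suspect."""
    hits = search(records, indicators)
    suspects = sorted({r["src"] for r in hits})
    return {
        "hits": hits,
        "suspects": suspects,
        "timelines": {s: retrace(records, s) for s in suspects},
    }


if __name__ == "__main__":
    result = assess()
    for rec in result["hits"]:
        print("HIT", rec["ts"], rec["src"], rec["host"], matched_indicators(rec))
    for host, timeline in result["timelines"].items():
        print(f"\nTimeline for {host}:")
        for rec in timeline:
            print(" ", rec["ts"], rec["proto"], rec["host"], rec["uri"])
```

In the constructed data only one host contacts the bulletin's domain, but its retraced timeline also shows a later download from an internal file share that matches no indicator; that is the kind of underlying content step 5 asks you to review by reconstruction before deciding whether the organization is a victim of the exploit rather than merely exposed to it.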