Unsanctioned allocation of resources

In this scenario, an organization suspects unsanctioned allocation of resources, which is leading to a negative financial impact on business operations.

Objective

To solve the problem, the organization has these objectives for the investigation:

  • Locate the misallocation of resources.
  • Identify the entities that are involved and responsible for the misallocation of resources.
  • Understand the motivations for the unsanctioned allocation of resources.
  • Assess the size and scope of the misallocated resources.

Investigation

Use the tools on the Forensics tab to help you investigate.

[Image: the options available in the Forensics tab to help you investigate the problem: document search, pivoting data, document reconstruction, Surveyor, and Digital Impression.]

  1. Use free-form search for communications that are associated with allocated resources.
  2. Use free-form search, data pivoting, and Digital Impression to find identifiers of entities that are making unsanctioned allocations of resources.
  3. Assess motives by processing the content of the interactions that are involved: review reconstructed documents and use visualizations.
  4. Use Surveyor to retrace allocation activities to understand the quantity of misallocated resources.