Offense investigation

Begin your offense investigation in the QRadar Analyst Workflow by clicking an offense in the offense table. The offense details provide context to help you understand what happened and determine how to isolate and resolve the problem.

In addition to the basic information shown in the offense table, the offense details page includes the following:

| Feature | Description |
|---|---|
| Insights | The Insights section lists the rules that triggered the offense. Click a rule to see its details. |
| Events graph | The Events graph shows the number of events that occurred at a given time within the last 7 active days. Use the scrubber bar at the top of the graph to zoom in on specific times and event spikes. Click View Events to see the list of events that contributed to the offense and investigate their details. |
| Source and Destination IPs | If an offense includes multiple source or destination IPs, click the IP list to scroll through the entire list. Click a specific IP address to see details about that IP. |
| Magnitude | The Magnitude graph provides a visual representation of how the magnitude was calculated from relevance, credibility, and severity. Click the graph to see a detailed description of how the magnitude is calculated. |
| Notes | In the Notes section, click a long note to see its entire text. Click Add note to add your own note to the offense details. |
Tip: If an offense has a long title, click the title to see the entire offense title.