Use case: Offense attack path visualization

Offenses in IBM QRadar Risk Manager are events that are generated by the system to alert you about a network condition or event.

Attack path visualization ties offenses with topology searches. This visualization lets security operators view the offense details and the path that the offense took through your network. The attack path is a visual representation of the assets in your network that are communicating in a way that allows an offense to travel through the network. This data is critical during auditing: it proves that you monitor for offenses, and it also proves that the offense does not have an alternative path in your network to a critical asset.
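The audit claim above is a reachability question on the topology. The following Python example is an added illustration, not IBM code and not how QRadar Risk Manager computes paths: it assumes a constructed topology in which each link forwards a set of destination ports, and the names LINKS, WEAK_LINKS, attack_paths and alternative_paths are hypothetical.

```python
from collections import defaultdict

# Constructed sample topology (assumption, not from a real network):
# (from_node, to_node, destination ports forwarded over that link).
LINKS = [
    ("internet", "edge-fw", {80, 443}),
    ("edge-fw", "dmz-switch", {80, 443}),
    ("dmz-switch", "web-01", {80, 443}),
    ("dmz-switch", "core-fw", {443, 1433}),
    ("core-fw", "db-01", {1433}),
]
# Same topology with an over-permissive core firewall rule (constructed).
WEAK_LINKS = LINKS[:-1] + [("core-fw", "db-01", {443, 1433})]


def attack_paths(links, source, target, port):
    """Return every loop-free path from source to target on which each
    link forwards the given destination port."""
    graph = defaultdict(list)
    for src, dst, ports in links:
        graph[src].append((dst, ports))
    found, stack = [], [(source, [source])]
    while stack:
        node, path = stack.pop()
        if node == target:
            found.append(path)
            continue
        for nxt, ports in graph[node]:
            # Follow a link only if it forwards the port and adds no loop.
            if port in ports and nxt not in path:
                stack.append((nxt, path + [nxt]))
    return sorted(found)


def alternative_paths(links, source, critical_assets, ports):
    """Map each reachable critical asset to its (port, path) pairs.
    An empty result supports the claim that no alternative path exists."""
    hits = {}
    for asset in critical_assets:
        for port in sorted(ports):
            for path in attack_paths(links, source, asset, port):
                hits.setdefault(asset, []).append((port, path))
    return hits


if __name__ == "__main__":
    print("offense path:", attack_paths(LINKS, "internet", "web-01", 443))
    print("as designed:", alternative_paths(LINKS, "internet", ["db-01"], {80, 443, 1433}))
    print("weak rule:", alternative_paths(WEAK_LINKS, "internet", ["db-01"], {80, 443, 1433}))
```

With the constructed data, the offense reaches web-01 over port 443 and no path reaches db-01; widening the single core firewall rule exposes db-01 over port 443.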

Viewing the attack path of an offense

The attack path of the offense shows the source, destination, and associated devices.

Procedure

  1. Click the Offenses tab.
  2. On the navigation menu, click All Offenses.
    The All Offenses page displays a list of offenses that are on your network. Offenses are listed with the highest magnitude first.
  3. Double-click an offense to open the offense summary.
  4. On the Offenses toolbar, click View Attack Path.