Getting started for analysts
Improve threat visibility and detection in your deployment by monitoring essential event and alert data across all of your attack paths. You can view the alerts and cases that automatic triage creates. This information helps you understand the potential impact and details of a security incident or attack, and you can then follow steps to investigate and contain the threat.
After you configure IBM® Security QRadar® SOAR to connect with the tools and data that you want to work with, the applications and dashboards help you analyze that data.
- Connect with other common security tools (SIEMs, NDRs, and EDRs) to receive correlated alerts and run federated searches and threat hunts across connected systems.
- These connections and the integrated security analysis help to automate and speed up your management of and response to security threats.
Automate your security monitoring, investigations, and analysis in a flow to suit your environment.
- Investigate cases and threats to enrich and collaborate on the analysis of and response to threats.
- After the system processes alerts, cases can be created automatically based on correlation and prioritization.
- IBM Security Threat Investigator works with IBM Security Case Management to find cases that warrant an investigation and automatically starts investigating.
- After data sources are connected by using Universal Data Insights or Connected Assets and Risk components, you can use Data Explorer to run federated searches and threat hunting across these systems.
- Use Threat Intelligence Insights to identify relevant and high priority threats and to monitor and detect vulnerabilities in your environment.
- Manage rules and use cases to inform Threat Investigator and Data Explorer queries.
- Gain insights by using dashboards to view and monitor threat statistics and activities.