Obtaining security insights with Data Explorer

IBM® Security Data Explorer federates data across IBM and third-party products and data sources to identify sightings of indicators of compromise associated with each threat in your environment. You can query all of your security intelligence data and instantly retrieve relevant contextual details from one unified interface.

Why use Data Explorer?

Gain total insights from all your data, wherever it is located. While Universal Data Insights is the service that connects to and retrieves content from multiple data sources, Data Explorer provides the interface where you can send queries to Universal Data Insights. You don't need to log in to multiple instances of multiple Security Information and Event Management (SIEM) products to investigate incidents or offenses; you need to build a query only once and run it in Data Explorer.

By using Data Explorer, you don't need to go anywhere else to manually search for additional information or enriched data. You do one search, and Data Explorer automatically retrieves all related information through its integration with Universal Data Insights and other services such as Connected Assets and Risk, and Case Management.

You can use the following capabilities:

  • Narrow your search results through filtering and sorting.
  • Run another query at any point.
  • View information on the spot or through a simple click of a link.
  • Review completed queries.
  • Select an existing case and add data to the case.
  • Create a case and add data to the case.
  • Use a selection of Kestrel Threat Hunting Language commands to hunt threats.
Important: Data Explorer no longer supports admin access, and only User and No access options are available when assigning access to application capabilities. Ensure that the access level is set to User after an upgrade.