IBM Support

QRadar Use Case Manager app overview

Question & Answer


Question

The IBM QRadar Use Case Manager app provides many options for filtering and searching rules in IBM Security QRadar. You can create custom views and reports of your rules based on a wide variety of criteria, and view relationships between rules and content packs, log sources, reference sets, and other data.

In addition to the filtering and searching options, the Use Case Manager app lets you view and configure your coverage of the MITRE ATT&CK framework. You can also view and add a number of recommended changes to your rules.

Tuning recommendations, unique to your environment, are also available in the Use Case Manager app.  Follow guidance in the app to tune your rules that generate the most offences to reduce false-positives. You can update network hierarchy, building blocks, and server discovery based on recommendations.

The Use Case Manager helps you to keep QRadar optimally configured to accurately detect threats throughout the attack chain.





Duration: 30 Minutes
Follow the link in related information to view the course on the IBM Security Learning Academy

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version","Edition":" ","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
02 August 2022

UID

ibm16460475

Page Feedback