
8/24/23, 1:14 PM QRadar Advisor with Watson app - IBM Documentation

QRadar Advisor with Watson app


Last Updated: 2023-07-12

The QRadar® Advisor with Watson™ app is designed to complement the IBM® QRadar Security Intelligence
Platform by helping analysts triage and investigate incidents.

The QRadar Advisor with Watson app uses IBM Cognitive Artificial Intelligence to assist users with incident and
risk analysis, triage and response, and enables security operations teams to do more, with greater accuracy. As a
result, it helps reduce the time spent investigating incidents from days and weeks down to minutes or hours.

You can install the app from the IBM Security App Exchange: https://exchange.xforce.ibmcloud.com/hub. After you
install the app on an existing QRadar deployment, the app performs incident and threat research.

Note that you do not need to install a license key. As an entitled user, you must configure your X-Force® Exchange
authorization key in the QRadar Advisor with Watson Configuration Wizard.

QRadar Advisor with Watson is supported on Google Chrome, Microsoft Edge, and Mozilla Firefox.

Attention:
The QRadar Advisor with Watson app is updating the data sources used by AI and Machine Learning
(ML) models on 12 July 2023 to remove an open-source content enrichment feed for
the Watson Discovery Service (WDS). For users, the removal of the Watson Discovery Service is not
expected to reduce data quality. No administrator actions are required in the QRadar Advisor with
Watson application. For more information, see this technical note
(https://www.ibm.com/support/pages/node/6998395).

QRadar Advisor with Watson version 2.6.1 is supported only on QRadar 7.4.2 and later.

QRadar Advisor with Watson version 2.6.0 or earlier is supported only on QRadar versions 7.3.3,
7.4.0, and 7.4.1.

Note: The IBM Documentation contains the latest version of the QRadar Advisor with Watson
product documentation unless otherwise noted.

– What's new in the QRadar Advisor with Watson app
Learn about the new features, fixes, and enhancements in the latest QRadar Advisor with Watson app release.
– Getting started with the QRadar Advisor with Watson app
For the features in IBM QRadar products to work properly, review the table to improve your QRadar deployment.
– Videos and support resources
Visit the links to learn more about IBM QRadar and the QRadar Advisor with Watson app.
– Multitenancy in the QRadar Advisor with Watson app
The QRadar Advisor with Watson app supports multitenant investigations and can investigate QRadar offenses
for multiple domain environments (tenants).
– Integrations with the QRadar Advisor with Watson app
The QRadar Advisor with Watson app can be integrated with different applications.
– Installing the QRadar Advisor with Watson app
Use the IBM QRadar Extensions Management tool to install the QRadar Advisor with Watson app on your QRadar
Console.
– Upgrading the QRadar Advisor with Watson app
To take advantage of new capabilities, defect fixes, and updated workflows, upgrade to new versions of QRadar
Advisor with Watson. Use the Extensions Management tool in QRadar Advisor with Watson to upgrade your app,
or use the QRadar Advisor with Watson app to upgrade. You must be an administrator to upgrade to new
versions of the app.
– Configuring the QRadar Advisor with Watson app
– Investigating offenses
You can view details and then investigate the offense with QRadar Advisor with Watson app from the Offenses
page on the QRadar Console.
– Investigating users from the UBA app
You can select users from the QRadar User Behavior Analytics (UBA) app to send to QRadar Advisor with Watson
for investigation.
– Exporting your analysis results to STIX
You can export the results of an incident investigation from QRadar Advisor with Watson to STIX 2.0.
– Exporting your analysis results to CSV
You can export the results of an incident investigation from QRadar Advisor with Watson to CSV format.
– Searching Watson for single indicator types
Search Watson to view information and find evidence on a single indicator type.
– Searching Watson for multiple indicator types
Search Watson to view information and find evidence on multiple indicator types and reference sets.
– Indexing best practices
You can enable specific indexes to improve performance based on the types of offenses that you want to
analyze.
– Uninstalling your app
Use the IBM QRadar Extensions Management tool to uninstall your application from your QRadar Console.
– Cyber Adversary Framework Mapping Application
With the Cyber Adversary Framework Mapping Application (included in Version 2.5.3 and earlier), you can map
your custom rules to MITRE ATT&CK tactics and techniques and override the IBM default rule mappings.
– Watson readiness score card
The IBM QRadar Assistant app runs periodic checks on your QRadar system and reports the findings on the
Watson readiness score card.
– Watson offense prioritization model
The Watson offense prioritization model in the QRadar Advisor with Watson app helps prioritize offenses that are
in your offense queue so that you can address higher priority offenses before you address offenses with a lower
priority. You can also map QRadar offense closing reasons to the suggested AI priority evaluation choices to
automate AI feedback collection.


– Best practices for tuning your QRadar system
To get the most out of the QRadar Advisor with Watson app, review the following guidance to tune your QRadar
system.
– Troubleshooting and support for the QRadar Advisor with Watson app
To isolate and resolve problems with your IBM product, you can use the troubleshooting and support
information.
– Possible privacy settings
You can make several configuration adjustments in your QRadar Advisor with Watson app to affect what data is
passed to Watson for Cybersecurity during offense investigations.

https://www.ibm.com/docs/en/qsip/7.5?topic=apps-qradar-advisor-watson-app
