Malware detection and analysis


Malware frequently morphs to avoid detection. You can use QRadar Network Insights to detect
malware based on file hashes and file activity, and observe and analyze artifacts such as:
• Names
• Properties
• Movement
• Suspicious content

Phishing email and campaign detection
Phishing can hide in plain sight by disguising its activity within the volumes of normal emails. You can
prepare for and react to malicious emails by using QRadar Network Insights to analyze:

• Sources
• Targets
• Subject
• Content

Insider threats
You can integrate QRadar Network Insights with the User Behavior Analytics app to improve threat
detection. Use the QRadar Network Insights analytics to recognize:

• High-risk users
• Potential targets of phishing
• Negative sentiment
• Suspicious behaviors

Lateral movement attack detection
QRadar Network Insights can trace anomalous communications:
• Reconnaissance
• Data transfers
• Rogue and malicious actors

Data exfiltration protection
Data can be exfiltrated through many methods. Use QRadar Network Insights to identify and track
suspicious files such as:

• DNS abnormalities
• Sensitive content
• Aberrant connections
• Aliases

Identify compliance gaps
QRadar Network Insights allows for continuous monitoring of enterprise, industry, and regulatory
compliance.

The QRadar User Behavior Analytics (UBA) app supports use cases based on rules for
certain behavioral anomalies:

• UBA : Bruteforce Authentication Attempts
• UBA : Executive Only Asset Accessed by Non-Executive User
• UBA : High Risk User Access to Critical Asset
• UBA : Multiple VPN Accounts Failed Login From Single IP
• UBA : Multiple VPN Accounts Logged In From Single IP
• UBA : Repeat Unauthorized Access
• UBA : Terminated User Activity
• UBA : Unauthorized Access
• UBA : Unix/Linux System Accessed With Service or Machine Account
• UBA : User Access - Failed Access to Critical Assets
• UBA : User Access - First Access to Critical Assets
• UBA : User Access from Multiple Hosts
• UBA : User Access to Internal Server From Jump Server
• UBA : User Access Login Anomaly
• UBA : User Accessing Account from Anonymous Source
• UBA : User Time, Access at Unusual Times
• UBA : VPN Access By Service or Machine Account
• UBA : VPN Certificate Sharing
• UBA : Windows Access with Service or Machine Account
