Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

QRadar Use Case Manager

QRadar Use Case Manager includes a use case explorer that offers flexible reports that are related to your rules. QRadar Use Case Manager also exposes pre-defined mappings to system rules and helps you map your own custom rules to MITRE ATT&CK tactics and techniques.

Explore Rules Through Visualization and Generated Reports

  • Explore the rules through different filters to ensure that they work as intended.

  • Generate reports from predefined templates, such as searches based on rule response and actions, log source coverage, and many others.

  • Customize reports to see only the information that is critical to your analysis.

Tune Your Environment Based on Built-in Analysis

  • Gain tuning recommendations unique to your environment right within the app.

  • Identify the topmost offense-generating or CRE-generating rules, and then follow the guide to tune them.

  • Reduce the number of false positives by reviewing the most common configuration steps. Easily update network hierarchy, building blocks, and server discovery based on recommendations.

Visualize Threat Coverage Across the MITRE ATT&CK Framework

  • Visually understand your ability to detect threats based on ATT&CK tactics and techniques.

  • View predefined QRadar tactic and technique mappings and add your own custom mappings to help ensure complete coverage.

  • Use new insights to prioritize the rollout of new use cases and apps to effectively strengthen your security posture.

  • What's new in QRadar Use Case Manager

    Stay up to date with the new features that are available in the QRadar Use Case Manager app so that you get the most out of your use case management experience.

  • Known issues

    The QRadar Use Case Manager app has required information for known issues.

  • Video demonstrations

    Watch video tutorials to learn how to use the workflows and features in QRadar Use Case Manager.

  • Supported environments for QRadar Use Case Manager

    For the features in QRadar products to work properly, you must use the supported environments.

  • Installation and configuration checklist

    As you install the QRadar Use Case Manager app, review and complete all of the necessary tasks on the installation checklist.

  • MITRE ATT&CK mapping and visualization

    The MITRE ATT&CK framework represents adversary tactics that are used in a security attack. It documents common tactics, techniques, and procedures that can be used in advanced persistent threats against enterprise networks.

  • Accessing report data by using QRadar Use Case Manager APIs

    As an alternative to using the interface in QRadar Use Case Manager, you can use APIs to download report data to CSV or JSON files. Try using the interactive API documentation interface to test the APIs before you use them in your scripts.

Related Documentation