Problems faced by the customer / specific business need / pain point to address
- Lack of in-house capability and expertise to carry out the integration, log analysis and use case development.
- Involved production deployments.
Solutions applied:
- Log collection: standard log source attachment for IBM PIM.
  - Out-of-the-box (OOB) support was available for this log source, but critical configuration changes and database modifications were required on the PIM side in order to pull audit events into QRadar.
- Use case creation:
  - Developed custom use cases and dashboards based on privileged-monitoring scenarios and the available data sources.
  - Developed custom views / menu options to drill down and display the additional correlated information for the offenses generated.
Benefits delivered
- Helps identify security issues and privilege escalations.
- Enabled reporting on SLA violations through IBM QRadar.