Problems being faced by the customer / specific business need / pain point to address
- Unable to carry out log integration and monitoring through the SIEM
- Custom content needed to be built, as the out-of-the-box (OOB) use cases were not suitable
Solutions applied:
- Log collection: custom log source attachment for multiple custom applications, servers and tools with no OOB support in QRadar. The solution involved:
  - Integration
  - Log analysis
  - Custom DSM development
  - Custom field extraction
- Use case creation
  - Carried out a threat modelling exercise to understand the possible threat scenarios
  - Developed custom use cases and dashboards based on privileged-monitoring scenarios and the available data sources
- Tuning the QRadar environment
  - Creating rules, saving searches and fine-tuning
  - Scheduling and modifying reports
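As an added illustration, and not code from the engagement described above, the following Python sketch shows what the custom field extraction and a privileged-monitoring use case amount to: regex-based key=value extraction over constructed log lines from a hypothetical in-house admin tool (no OOB parser), followed by a rule that flags successful privileged actions outside business hours. The tool, log format, field names and business hours are assumptions.

```python
import re
from datetime import datetime

# Constructed sample events from a hypothetical in-house admin tool (no OOB DSM).
SAMPLE_LOGS = [
    "2024-03-04T02:17:09Z host=app01 user=svc_backup action=LOGIN result=SUCCESS src=10.0.5.21 role=admin",
    "2024-03-04T10:02:44Z host=app01 user=jdoe action=LOGIN result=SUCCESS src=10.0.7.8 role=user",
    "2024-03-04T23:48:10Z host=app02 user=root action=SUDO result=SUCCESS src=10.0.5.21 role=admin",
    "2024-03-04T11:15:00Z host=app02 user=asmith action=LOGIN result=FAILURE src=10.0.9.3 role=admin",
    "malformed line that the custom parser cannot handle",
]

# Regex patterns of the kind a custom log source extension uses for property extraction.
TS_PATTERN = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z")
KV_PATTERN = re.compile(r"(?P<key>\w+)=(?P<value>\S+)")


def parse_event(line):
    """Extract the timestamp and key=value fields from one raw line.

    Returns None for lines that do not match, so unparsed events can be
    counted and surfaced rather than silently dropped.
    """
    m = TS_PATTERN.match(line)
    if not m:
        return None
    event = {"timestamp": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")}
    event.update(dict(KV_PATTERN.findall(line)))
    return event


def privileged_off_hours(events, start_hour=8, end_hour=18):
    """Use case: successful privileged (role=admin) actions outside business hours (UTC)."""
    hits = []
    for ev in events:
        if ev is None:
            continue  # parse failures are reported separately by unparsed_count()
        hour = ev["timestamp"].hour
        in_hours = start_hour <= hour < end_hour
        if ev.get("role") == "admin" and ev.get("result") == "SUCCESS" and not in_hours:
            hits.append((ev["user"], ev["host"], ev["timestamp"].isoformat()))
    return hits


def unparsed_count(lines):
    """Number of lines the custom extraction failed on; a rising value means the format changed."""
    return sum(1 for line in lines if parse_event(line) is None)


def run(lines=SAMPLE_LOGS):
    return privileged_off_hours([parse_event(line) for line in lines])
```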
Benefits delivered
- A single point of monitoring for all audit logs, with alerts on violations and possible security threats, for custom applications and tools that have no OOB support in QRadar