IBM QRadar SIEM Features

Response (5)

Resolution Automation: Diagnose and resolve incidents without the need for human interaction.
Resolution Guidance: Guide users through the resolution process and give specific instructions to remedy individual occurrences.
System Isolation: Cuts off network connection or temporarily inactivate applications until incidents are remedied.
Threat Intelligence: Gathers information related to threats in order to gain further information on remedies.
Incident Investigation: Analyzes incidents, correlates related events, and determines the scope and impact of attacks.

Event Management: Alerts users of incidents and allows users to intervene manually or triggers an automated response.
Automated Response: Reduces time spent remedying issues manually. Resolves common network security incidents quickly.
Incident Reporting: Documents cases of abnormal activity and compromised systems.
Incident Logs: Information on each incident is stored in databases for user reference and analytics.
Incident Alerts: Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.
Incident Reporting: Produces reports detailing trends and vulnerabilities related to their network and infrastructure.

Threat Intelligence: Stores information related to common threats and how to resolve them once incidents occur.
Vulnerability Assessment: Analyzes your existing network and IT infrastructure to outline access points that can be easily compromised.
Advanced Analytics: Allows users to customize analytics with granulized metrics that are pertinent to your specific resources.
Data Examination: Allows users to search databases and incident logs to gain insights on vulnerabilities and incidents.

Metadata Management: Indexes metadata descriptions for easier searching and enhanced insights
Artificial Intelligence & Machine Learning: Facilitates Artificial Intelligence (AI) or Machine Learning (ML) to enable data ingestion, performance suggestions, and traffic analysis.
Response Automation: Reduces time spent remedying issues manually. Resolves common network security incidents quickly.
Continuous Analysis: Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Multi-Network Capability: Provides monitoring capabilities for multiple networks at once.
Anomaly Detection: Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.
Network Visibility: Provides all-encompassing display and analysis of environments, resources, traffic, and activity across networks.
Scalability: Provides features to allow scaling for large organizations.
Incident Alerts: Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.
Anomaly Detection: Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.
Continuous Analysis: Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.
Decryption: Facilitates the decryption of files and data stored using cryptographic algorithms.

File Analysis: Identifies potentially malicious files and applications for threats files and applications for abnormalities and threats.
Memory Analysis: Analyzes infortmation from a computer or other endpoint's memory dump for information removed from hard drive.
Registry Analysis: Identifies recently accessed files and applications for abnormalities and threats.
Email Analysis: Parses and/or extracts emails and associated content for malware, phishing, other data that can be used in investigations.
Linux Analysis: Allows for parsing and/or extraction of artifacts native to Linux OS including but not limited to system logs, SSH activity, and user accounts.
Continuous Analysis: Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.
Behavioral Analysis: Constantly monitors acivity related to user behavior and compares activity to benchmarked patterns and fraud indicators.
Data Context: Provide insights into why trends are occurring and what issues could be related.
Activity Logging: Monitors, records, and logs both real-time and post-event activity.

Anomaly Detection: Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.
Incident Alerts: Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.
Activity Monitoring: Monitors the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point.

Usage Monitoring: Tracks infrastructure resource needs and alerts administrators or automatically scales usage to minimize waste.
Database Monitoring: Monitors performance and statistics related to memory, caches and connections.
API Monitoring: Detects anomalies in functionality, user accessibility, traffic flows, and tampering.
Activity Monitoring: Actively monitors status of work stations either on-premise or remote.

Security Automation: Streamline the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.
Security Integration: Integrates additional security tools to automate security and incident response processes.
Multicloud Visibility: Allows users to track and control activity across cloud services and providers.