By Maltego Technologies
Extract and map context of IOCs from event logs and offenses.
IBM QRadar Transforms for Maltego
QRadar uses rules to monitor information security events and network flows to detect security threats. When events and flows meet the test criteria that are defined in the ruleset, an offense is created to show that a security attack or policy breach is suspected.
The IBM QRadar integration for Maltego provides context for events and offenses, helping improve investigations by mapping the relationships between them. The IBM QRadar Enterprise integration for Maltego enables security teams to extract and map host assets, IP addresses, hashes, operating systems, vulnerabilities and other IOCs from event logs and offenses.
Using the Transforms, investigators and analysts can query offenses from a given QRadar instance, find the related events for those offenses, bring the IOCs into Maltego, and leverage our wide variety of data sources to augment and enrich their investigations.
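As an added illustration of that workflow (this is not code from the Maltego Transforms or from IBM), the Python below takes constructed QRadar offense and event records, pulls out candidate IOCs, validates them, and renders the result as a Maltego transform response message. The record field names (offense_source, sourceip, destinationip, payload) are assumptions shaped after QRadar API output, the maltego.Hash entity type name is assumed, and every IP address and hash is constructed sample data.

```python
"""Extract IOCs from QRadar offense/event records and emit Maltego transform output.

Added illustration only: not the Maltego-published Transform code. Record shapes,
field names and the maltego.Hash entity type name are assumptions for the example.
"""
import ipaddress
import re
from xml.etree import ElementTree as ET

# Constructed sample offense, loosely shaped after a /api/siem/offenses item (assumed fields).
SAMPLE_OFFENSE = {
    "id": 1042,
    "description": "Multiple Login Failures followed by Success",
    "offense_source": "10.0.3.27",
    "magnitude": 7,
    "status": "OPEN",
}

# Constructed sample events related to that offense, shaped after Ariel search rows (assumed fields).
SAMPLE_EVENTS = [
    {"sourceip": "10.0.3.27", "destinationip": "198.51.100.14",
     "payload": "process started sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
    {"sourceip": "10.0.3.27", "destinationip": "198.51.100.14",
     "payload": "dropper md5=d41d8cd98f00b204e9800998ecf8427e written to disk"},
    {"sourceip": "192.0.2.9", "destinationip": "10.0.3.27",
     "payload": "authentication failed for 10.0.3.27; malformed peer 999.1.1.1 ignored"},
]

# Hex runs of SHA-256, SHA-1 or MD5 length. Word boundaries stop a SHA-256 from
# also yielding an MD5-length prefix; longest alternative is tried first.
HASH_RE = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify_ioc(token):
    """Return the Maltego entity type for a candidate token, or None.
    IPs are parsed rather than regex-trusted, so '999.1.1.1' is rejected."""
    try:
        ipaddress.IPv4Address(token)
        return "maltego.IPv4Address"
    except ValueError:
        pass
    if HASH_RE.fullmatch(token):
        return "maltego.Hash"  # entity type name assumed for illustration
    return None


def extract_iocs(offense, events):
    """Collect unique (entity_type, value) pairs, each with the set of fields it came from.
    Event payloads are attacker-influenced text, so every value pulled from them
    passes classify_ioc() before it can become an entity."""
    found = {}

    def add(value, source):
        etype = classify_ioc(value)
        if etype:
            key = (etype, value.lower() if etype == "maltego.Hash" else value)
            found.setdefault(key, set()).add(source)

    add(str(offense.get("offense_source", "")), "offense.offense_source")
    for ev in events:
        for field in ("sourceip", "destinationip"):
            add(str(ev.get(field, "")), f"event.{field}")
        payload = ev.get("payload", "")
        for token in IPV4_RE.findall(payload) + HASH_RE.findall(payload):
            add(token, "event.payload")
    return found


def to_maltego_xml(offense, iocs):
    """Render a MaltegoTransformResponseMessage; ElementTree escapes the values."""
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(resp, "Entities")
    for (etype, value), sources in sorted(iocs.items()):
        ent = ET.SubElement(entities, "Entity", Type=etype)
        ET.SubElement(ent, "Value").text = value
        fields = ET.SubElement(ent, "AdditionalFields")
        ET.SubElement(fields, "Field", Name="qradar.offense_id",
                      DisplayName="QRadar Offense ID").text = str(offense["id"])
        ET.SubElement(fields, "Field", Name="qradar.seen_in",
                      DisplayName="Seen In").text = ", ".join(sorted(sources))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(to_maltego_xml(SAMPLE_OFFENSE, extract_iocs(SAMPLE_OFFENSE, SAMPLE_EVENTS)))
```

Two choices matter in practice: values scraped from event payloads are validated before they become entities, because payload text is whatever the logging host (or an attacker writing to its logs) chose to emit; and IOCs are de-duplicated across the offense and all of its events, with the originating fields kept as an additional field, so the same address seen as offense source, event source and event destination lands on the graph once with its provenance attached.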
Typical Users of IBM QRadar Data
- Threat Intelligence Teams
- Threat Hunting Teams
- Incident Response Teams
- Security Operations Centers