Tuesday, September 6, 2016

Qradar -- How is Offense Magnitude calculated?

Several properties feed into an offense's magnitude, including:

-the number of events and flows associated with the offense
-the number of log sources contributing to it
-the age of the offense over time
-the weight of the network object (in the network hierarchy) associated with the offense
-the severity, relevance and credibility of the events, and of the categories those events fall into (a login failure, for example, carries more weight than a firewall permit)
-the vulnerability and threat posture of the host(s) involved in the offense, taken from asset profile data (open ports, known vulnerabilities, installed applications, and so on)

The way the severity, credibility and relevance of the offense are worked out is somewhat complicated, and it is not actually based on the severity, credibility and relevance values of the individual events at all.
It is based on the severity, credibility and relevance of the categories associated with those events.
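One way to check that claim against your own data is to pull an offense and the events inside it and compare the numbers. The script below is an added example, not code from this post or from IBM: it assumes an offense record shaped like the QRadar REST API's `/api/siem/offenses/{id}` response (fields `magnitude`, `severity`, `credibility`, `relevance`, `event_count`, `flow_count`, `device_count`) and event rows shaped like the result of an AQL search such as `SELECT category, severity, credibility, relevance FROM events WHERE INOFFENSE(<id>)`. Both inputs here are constructed sample data so the script runs offline; the field names are assumptions to verify against your QRadar version. If the offense's severity is higher than every event's own severity, it was not copied or averaged from the events, which is exactly the point made above.

```python
"""Added example (not from the original post or from IBM): compare an
offense's severity/credibility/relevance with the per-event values of the
events inside it, to check that the offense values are driven by event
categories rather than copied from the events themselves.

Assumed input shapes (verify against your QRadar version):
  - offense: like GET /api/siem/offenses/{id}
  - events:  like rows from
      SELECT category, severity, credibility, relevance FROM events
      WHERE INOFFENSE(<id>)
The data below is constructed sample data, not real QRadar output."""

from collections import defaultdict
import statistics

# Constructed sample: one offense as the REST API is assumed to return it.
SAMPLE_OFFENSE = {
    "id": 42,
    "magnitude": 6,
    "severity": 7,
    "credibility": 4,
    "relevance": 5,
    "event_count": 6,
    "flow_count": 0,
    "device_count": 2,  # number of log sources contributing to the offense
}

# Constructed sample: the offense's events, keyed by low-level category name.
SAMPLE_EVENTS = [
    {"category": "User Login Failure", "severity": 3, "credibility": 5, "relevance": 2},
    {"category": "User Login Failure", "severity": 3, "credibility": 5, "relevance": 2},
    {"category": "User Login Failure", "severity": 3, "credibility": 5, "relevance": 2},
    {"category": "Firewall Permit", "severity": 1, "credibility": 5, "relevance": 1},
    {"category": "Firewall Permit", "severity": 1, "credibility": 5, "relevance": 1},
    {"category": "Firewall Permit", "severity": 1, "credibility": 5, "relevance": 1},
]

DIMENSIONS = ("severity", "credibility", "relevance")


def per_category_profile(events):
    """Group events by category; for each category return the event count
    and the highest severity/credibility/relevance seen in that category."""
    grouped = defaultdict(list)
    for ev in events:
        grouped[ev["category"]].append(ev)
    profile = {}
    for cat, evs in grouped.items():
        profile[cat] = {"count": len(evs)}
        for dim in DIMENSIONS:
            profile[cat][dim] = max(e[dim] for e in evs)
    return profile


def compare_offense_to_events(offense, events):
    """For each dimension, report the offense value next to the max and mean
    over its events. Where the offense value exceeds every event's value, it
    cannot have been copied or averaged from the events' own fields."""
    report = {}
    for dim in DIMENSIONS:
        values = [e[dim] for e in events]
        report[dim] = {
            "offense": offense[dim],
            "event_max": max(values),
            "event_mean": round(statistics.mean(values), 2),
            "exceeds_every_event": offense[dim] > max(values),
        }
    return report


def sanity_check(offense, events):
    """Consistency checks between the offense counters and the event rows."""
    return {
        "event_count_matches": offense["event_count"] == len(events),
        "log_sources": offense["device_count"],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(per_category_profile(SAMPLE_EVENTS), indent=2))
    print(json.dumps(compare_offense_to_events(SAMPLE_OFFENSE, SAMPLE_EVENTS), indent=2))
    print(sanity_check(SAMPLE_OFFENSE, SAMPLE_EVENTS))
```

On real data, replace the two constructed samples with the JSON from the offenses endpoint and the rows from the AQL search; the per-category profile then shows which categories are present and how many events each contributed, which is the input the category-based weighting actually works from.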

2 comments:

  1. I really appreciate the information shared above. It's of great help. If someone wants to learn online (virtual) instructor-led live training in IBM QRADAR, kindly contact MaxMunus.
    MaxMunus offers world-class virtual instructor-led training on IBM QRADAR. We have industry expert trainers. We provide training material and software support. MaxMunus has successfully conducted 1,00,000+ trainings in India, USA, UK, Australia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
    For Demo Contact us.
    Avishek Priyadarshi
    MaxMunus
    E-mail: avishek@maxmunus.com
    Skype id: avishek_2 .
    Ph:(0) 8553177744 / 080 - 41103383
    www.MaxMunus.com

  2. The purpose of such training is to address aspects such as IT security and protection, responsibilities of people handling information, availability of data, confidentiality, and how to handle problems such as unauthorized data modification, disruption, destruction and misuse of information. cyber security training in Hyderabad
