Problems being faced by the customer/Specific business need/Pain point to address:
A customer is unable to carry out log integration and monitoring through SIEM. Custom contents needs to be built for the business as OOB use cases are not suitable. Performing custom field extractions and DSM development can help settle this complication.
- Log Collection – Custom log source attachment – Multiple Custom Applications/Servers/ Tools with no OOB support . OOB support is not available for these log sources. Solution involved :
- Log Analysis
- Custom DSM Development
- Custom fields extractions
- Use case creation
- Carried out the threat modelling exercise to understand the possible threat scenarios.
- Developed the custom Use cases and dashboards based on privileged monitoring scenarios and available data sources.
- Tuning the QRadar environment
- Creating rules, saving searches, and fine tuning
- Scheduling and modifying reports
Single point of monitoring all audit logs and alerts on violations, possible security threats for custom application/tools which have no OOB support in QRadar