Problems being faced by the customer/Specific business need/Pain point to address

-Unable to carry out log integration and monitoring through SIEM -Custom contents needs to be build as OOB use cases were not suitable

Solutions applied:

-Log Collection – Custom log source attachment – Multiple Custom Applications/Servers/ Tools with no OOB support . OOB support is not available for these log sources. Solution involved :

  • Integration
  • Log Analysis
  • Custom DSM Development
  • Custom fields extractions

-Use case creation

  • Carried out the threat modelling exercise to understand the possible threat scenarios.
  • Developed the custom Use cases and dashboards based on privileged monitoring scenarios and available data sources.

-Tuning the QRadar environment

  • Creating rules, saving searches, and fine tuning
  • Scheduling and modifying reports

Benefits delivered

-Single point of monitoring all audit logs and alerts on violations, possible security threats for custom application/tools which have no OOB support in QRadar