6

QRadar Searches

If you ever take a philosophical view of the technical side of Security Information and Event Management (SIEM), one fleeting thought is that a SIEM is nothing but a very advanced search engine. Everything else exists to collect data, run correlation, run analytics, and then display the search results in a better way. That is, to a large extent, true.

What we have learned and discussed so far is how QRadar is deployed, what its different components are, how data is ingested, and so on. Now, we will start using the ingested data to make sense of it. Search is the most fundamental feature of QRadar. In this chapter, we will discuss QRadar searches, how we can optimize them, and how to use them to their full potential.

The following topics will ...
