Building a Next-Gen SOC with IBM QRadar by Ashish M Kothekar

Author: Ashish M Kothekar
Language: eng
Format: epub
Publisher: Packt Publishing Pvt Ltd
Published: 2023-06-05T00:00:00+00:00


Different types of QRadar rules

A rule is a defined list of security conditions. QRadar ships with hundreds of rules out of the box, each covering a particular cyber-attack use case. These use cases are derived from the attacks that occur continuously around the world: the QRadar development team works on new security use cases and keeps adding rules for them, which reach QRadar through auto updates (we will discuss auto updates later in this chapter). Alongside the default rules, QRadar users can create custom rules based on events, flows, both events and flows (common rules), and other offenses. These are the different types of rules in QRadar:

Event rules: Rules are categorized by the kind of data their conditions require. When the conditions are evaluated against event values, the rule is called an event rule. An event rule consists of one or more conditions tested against events as they happen in real time.

Flow rules: When rules have conditions based on one or more flows, they are called flow rules. Both event rules and flow rules are capable of triggering offenses if the conditions are met.

Common rules: Sometimes we want to detect an attack based on both events and flows; rules of this kind are called common rules. As we know, flows add value beyond what we can fetch from events alone: events may carry limited data, depending on how the end device is configured to collect log data, while flow data complements event data and helps build better use cases.

Offense rules: You can configure rules that trigger an offense based on the status of other offenses. This helps narrow detections down to specific scenarios based on certain parameters; for example, you may add further conditions to an offense rule to make it more specific.
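To make the four categories concrete, here is an added illustrative example (not QRadar's own rule engine, and not code from the book): a toy correlation engine in which each method models one rule type. The event and flow records, the byte and login-failure thresholds, and the rule names are all constructed for the example. The point it shows is how a common rule correlates a host's event data with its flow data, and how an offense rule is evaluated last because its condition is the state of the offenses the other rules produced.

```python
"""Toy correlation engine modelling QRadar's four rule categories.
Added illustrative example, not QRadar's implementation; all sample
records and thresholds below are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed event records, in the order the log source reported them
EVENTS = [
    {"src_ip": "10.0.0.5", "event_name": "Login Failure", "user": "alice"},
    {"src_ip": "10.0.0.5", "event_name": "Login Failure", "user": "alice"},
    {"src_ip": "10.0.0.5", "event_name": "Login Failure", "user": "alice"},
    {"src_ip": "10.0.0.5", "event_name": "Login Success", "user": "alice"},
    {"src_ip": "10.0.0.9", "event_name": "Login Success", "user": "bob"},
]

# Constructed flow records: the network view that the events above lack
FLOWS = [
    {"src_ip": "10.0.0.5", "dst_ip": "203.0.113.7", "dst_port": 443, "bytes_out": 50_000_000},
    {"src_ip": "10.0.0.9", "dst_ip": "192.0.2.10", "dst_port": 443, "bytes_out": 1_200},
]


@dataclass
class Offense:
    rule: str
    source: str          # offenses here are indexed on source IP
    status: str = "open"


class RuleEngine:
    """Minimal engine; each method models one QRadar rule type."""

    def __init__(self, exfil_bytes: int = 10_000_000, failure_threshold: int = 3):
        self.exfil_bytes = exfil_bytes            # assumed threshold for a large transfer
        self.failure_threshold = failure_threshold  # assumed login-failure count
        self.offenses: List[Offense] = []

    def _raise(self, rule: str, source: str) -> None:
        # One offense per (rule, source): repeated hits chain into the existing offense
        if not any(o.rule == rule and o.source == source for o in self.offenses):
            self.offenses.append(Offense(rule, source))

    def event_rule(self, events: List[dict]) -> None:
        """Event rule: inspects events only. Condition: at least
        failure_threshold login failures from one source IP, then a success."""
        failures: Dict[str, int] = {}
        for ev in events:
            src = ev["src_ip"]
            if ev["event_name"] == "Login Failure":
                failures[src] = failures.get(src, 0) + 1
            elif ev["event_name"] == "Login Success" and failures.get(src, 0) >= self.failure_threshold:
                self._raise("Brute force followed by success", src)

    def flow_rule(self, flows: List[dict]) -> None:
        """Flow rule: inspects flows only. Condition: a single flow sending
        more than exfil_bytes outbound."""
        for fl in flows:
            if fl["bytes_out"] > self.exfil_bytes:
                self._raise("Large outbound transfer", fl["src_ip"])

    def common_rule(self, events: List[dict], flows: List[dict]) -> None:
        """Common rule: correlates events with flows. Condition: a host that
        logged in successfully (event) and then moved a large volume out (flow)."""
        logged_in: Set[str] = {ev["src_ip"] for ev in events if ev["event_name"] == "Login Success"}
        for fl in flows:
            if fl["src_ip"] in logged_in and fl["bytes_out"] > self.exfil_bytes:
                self._raise("Login followed by large outbound transfer", fl["src_ip"])

    def offense_rule(self) -> None:
        """Offense rule: its condition is the status of other offenses. Condition:
        one source has open offenses from at least two distinct rules."""
        by_source: Dict[str, Set[str]] = {}
        for o in self.offenses:
            if o.status == "open" and o.rule != "Multi-stage activity":
                by_source.setdefault(o.source, set()).add(o.rule)
        for src, rules in by_source.items():
            if len(rules) >= 2:
                self._raise("Multi-stage activity", src)

    def run(self, events: List[dict], flows: List[dict]) -> List[Offense]:
        self.event_rule(events)
        self.flow_rule(flows)
        self.common_rule(events, flows)
        self.offense_rule()  # last, because it depends on what the others produced
        return self.offenses


def offenses_for(source: str, events: List[dict] = EVENTS, flows: List[dict] = FLOWS) -> List[str]:
    """Rule names of the offenses raised against `source` after a full run."""
    return [o.rule for o in RuleEngine().run(events, flows) if o.source == source]


if __name__ == "__main__":
    for o in RuleEngine().run(EVENTS, FLOWS):
        print(f"{o.status:>5}  {o.source:<10}  {o.rule}")
```

With the constructed data, host 10.0.0.5 trips the event rule, the flow rule and the common rule, and the offense rule then raises a fourth offense because that one source already has open offenses from more than one rule; 10.0.0.9 logs in successfully but moves little data, so no rule fires for it.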

