Delaware, USA – December 12, 2017 – New content for IBM QRadar is added to Use Case Cloud. These are DNS Security Check Advanced and External Top Domains Baseline Basic SIEM use cases. DNS Security Check is one of the most high-demand use cases, and the Advanced version of this package will allow organizations to more reliably protect themselves from sophisticated cyberattacks that abuse DNS protocol at various stages. Now your SIEM will timely inform administrators of any spike of DNS traffic that requires being investigated. Also, dashboards will display information about suspicious connections and every uncovered DNS servers in your organization. Using additional dashboards, you will be able to notice malicious activity promptly and prevent the escalation of an incident.
External Top Domains Baseline will help reduce the number of false positives in QRadar. You can add to exceptions the lists of domains contained in this case, and that can help not to waste your security team’s time in investigating incorrect indicators of compromise. Such a time saving can be critical during global outbreaks.
In Use Case Cloud, both of these use cases are also available for ArcSight and Splunk.
DNS Security Check Advanced for QRadar: https://ucl.socprime.com/use-case-library/info/189/
External Top Domains Baseline Basic for QRadar: https://ucl.socprime.com/use-case-library/info/430/