Part B: Analysis via the IBM QRadar SIEM (5%)
1. As there is no existing QRadar SIEM rule to identify this intrusion, write a QRadar SIEM rule (or modify from an existing rule) to positively identify this intrusion and display it as an offense in the IBM QRadar SIEM console. (Hint: You may need to use a specific tool e.g. tcpreplay to replay back the captured PCAP file suspicious.pcap, in IBM QRadar SIEM to simulate the detection of this security incident)
2. On the IBM QRadar SIEM console, display the relevant visuals with the alerted malicious network traffic activities as captured.
3. Based on the offense detected, explain the Start Time, Storage Time and Log Source Time of this particular offense.
4. What is the Magnitude of this offense? Explain how you derive this rating from the Relevance, Severity and Credibility ratings.
5. Add a QRadar Note to it and suggest necessary remediation steps taken based on your investigation and analysis of this offense.
Hire a Professional Essay & Assignment Writer for completing your Academic Assessments
Native Singapore Writers Team
100% Plagiarism-Free Essay
Highest Satisfaction Rate
Free Revision
On-Time Delivery
Part C (5%) Include individual screen shots of the followings:
LinkedIn Modules certificate of completion for the recommended modules
TESSy Subject Survey completion
Stuck with a lot of homework assignments and feeling stressed ?
Take professional academic assistance & Get 100% Plagiarism free papers
The post Analysis via the IBM QRadar SIEM- As there is no existing QRadar SIEM rule to identify this intrusion, write a QRadar SIEM rule (or modify from an existing rule) to positively: Cybersecurity, Assignment, SIM appeared first on Singapore Assignment Help.