QRadar Analyst Workflow
QRadar Analyst Workflow provides new methods for filtering offenses and events, and graphical representations of offenses, by magnitude, assignee, and type. The improved offenses workflow provides a more intuitive method to investigate offense to determine the root cause of an issue and work to resolve it. Use the built-in query builder to create AQL queries by using examples and saved or shared searches, or by typing plain text into the search field.
The Offenses page displays a table of the offenses in your JSA environment that you can filter in many different ways. It also includes graphical representations of offenses, by magnitude, assignee, and type. From this page, you can investigate an offense to determine the root cause of an issue and work to resolve it.
The Search page includes a Query Builder that you can use to build an Ariel Query Language (AQL) search to find specific offenses. Create a search using examples, saved or shared searches, or typing directly into the Query Builder. The Search page also includes links to many resources to learn about creating AQL queries.
The Apps list includes JSA apps that are compatible with the new Analyst Workflow. The first release of the workflow includes the Dashboards (Pulse) app. QRadar Pulse is a dashboard app that you can use to communicate insights and analysis about your network. For more information, see the Pulse App Guide.