Job Description
Deploy QRadar updates, etc., taking full-screen snapshots as proof.
Review the system messages/notifications, take action accordingly and clear them.
Review offenses for false positives and tune the rules accordingly in discussion with the SOC team.
Review the dashboards for the different system activities and maintain them.
Review log source credibility and collaborate with the QRadar administrator (IT) to set it accordingly.
Review whether critical log sources are receiving logs and collaborate with the QRadar administrator to maintain them.
Review the use cases and recommend improvements or new use cases.
Review system performance and collaborate with the QRadar administrator (IT) to maintain it.
Review QRadar data/config backups and collaborate with the QRadar administrator (IT) to maintain them.
Create new rules for finalized use cases, testing them against historical data where possible and keeping them in test mode for some days.
Review log source changes and maintain rules/offenses accordingly.
Maintain the network hierarchy and building blocks.
Create and maintain reference sets.
Review the DR setup and maintain it for all of the above activities.
Regular changes in QRadar HOR should be synced to DR manually until the CMT is functioning.
Review QRadar DR on the first Monday of every month and sync it with HOR.
Create dashboards and reports in coordination with the monitoring team when required.
Propose integration plans to the QRadar administrator (IT) for better visibility.
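One of the duties above, checking that critical log sources are still receiving logs, is the kind of review that should not rely on eyeballing the Log Sources page. The script below is an added example written for this page, not code from the posting or from IBM. It assumes the inventory is pulled from QRadar's REST endpoint `GET /api/config/event_sources/log_source_management/log_sources` (authenticated with the `SEC` token header), whose objects carry `name`, `enabled` and `last_event_time` in epoch milliseconds; verify those field names against the API version of your deployment. `CRITICAL_SOURCES`, the host name and the sample inventory are constructed for illustration.

```python
"""Flag critical QRadar log sources that are disabled, missing, or silent.

Added example (not from the original page). Assumptions, labelled hypothetical:
- log source objects come from GET /api/config/event_sources/log_source_management/log_sources
  and carry `name`, `enabled`, `last_event_time` (epoch ms); check your API version;
- CRITICAL_SOURCES is a site-specific list owned by the SOC, not a QRadar concept.
"""
import json
import ssl
import urllib.request

# Hypothetical: which sources the SOC treats as critical (maintained by the analyst).
CRITICAL_SOURCES = ["DC01-Security", "Perimeter-FW", "Proxy-01", "VPN-Gateway"]


def fetch_log_sources(host: str, sec_token: str, verify_tls: bool = True) -> list:
    """Pull the inventory from QRadar over the network (not used by the offline check).

    `fields` trims the response to what the check needs. SEC is the authorised
    service token header QRadar expects on API calls.
    """
    url = (f"https://{host}/api/config/event_sources/log_source_management/log_sources"
           "?fields=id,name,enabled,last_event_time")
    req = urllib.request.Request(url, headers={"SEC": sec_token, "Accept": "application/json"})
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab consoles with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


def stale_log_sources(log_sources: list, critical_names: list, now_ms: int, max_age_minutes: int) -> list:
    """Return [(name, reason)] for every critical source that needs attention.

    A source is reported when it is absent from the inventory, disabled, has
    never sent an event, or has been silent longer than max_age_minutes.
    Order follows critical_names so reports are stable run to run.
    """
    by_name = {ls["name"]: ls for ls in log_sources}
    cutoff = now_ms - max_age_minutes * 60_000
    problems = []
    for name in critical_names:
        ls = by_name.get(name)
        if ls is None:
            problems.append((name, "not found in QRadar inventory"))
            continue
        if not ls.get("enabled", False):
            problems.append((name, "disabled"))
            continue
        last = ls.get("last_event_time")
        if not last:
            problems.append((name, "no events ever received"))
        elif last < cutoff:
            age_min = (now_ms - last) // 60_000
            problems.append((name, f"silent for {age_min} min"))
    return problems


# Constructed sample inventory standing in for the API response (offline run).
NOW_MS = 1_700_000_000_000  # constructed "current time", epoch milliseconds
SAMPLE_LOG_SOURCES = [
    {"id": 1, "name": "DC01-Security", "enabled": True, "last_event_time": NOW_MS - 2 * 60_000},
    {"id": 2, "name": "Perimeter-FW", "enabled": True, "last_event_time": NOW_MS - 90 * 60_000},
    {"id": 3, "name": "Proxy-01", "enabled": False, "last_event_time": NOW_MS - 60_000},
    {"id": 4, "name": "Lab-Host", "enabled": True, "last_event_time": None},
]


def sample_report(max_age_minutes: int = 30) -> list:
    """Run the check over the constructed inventory with a 30-minute silence threshold."""
    return stale_log_sources(SAMPLE_LOG_SOURCES, CRITICAL_SOURCES, NOW_MS, max_age_minutes)


if __name__ == "__main__":
    for name, reason in sample_report():
        print(f"{name}: {reason}")
```

Run this on a schedule (or before the monthly DR review) and hand the output to the QRadar administrator; pick `max_age_minutes` per source type, since a domain controller that goes quiet for 30 minutes is a problem while a low-volume appliance may legitimately idle for hours.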