What's new in the QRadar Advisor with Watson app

Learn about the new features, fixes, and enhancements in the latest QRadar® Advisor with Watson™ app release.

Watson Discovery Service deprecation (July 12, 2023)

The QRadar Advisor with Watson app is updating the data sources used by AI and Machine Learning (ML) models on 12 July 2023 to remove an open-source content enrichment feed for the Watson Discovery Service (WDS). For users, the removal of the Watson Discovery Service is not expected to reduce data quality. No administrator actions are required in the QRadar Advisor with Watson application. For more information, see this technical note: https://www.ibm.com/support/pages/node/6998395

Version 2.6.5 (Released April 2023)

Fixed an issue where an AQL query failed when the rule name included single quotes.

Fixed the following security vulnerabilities: CVE-2018-25031, CVE-2023-25577, CVE-2022-40897, CVE-2018-18074, CVE-2022-24999, CVE-2021-29489, CVE-2018-20801.

Version 2.6.4 (Released February 2023)

Fixed an issue that prevented up to 10 cases from being investigated automatically.

Fixed security vulnerabilities. For more information, see the following security bulletins:

Version 2.6.3 (Released 06 May 2022)

Fixed links that pointed to incorrect search results for MITRE evidence.

Fixed security vulnerabilities. For more information, see the following security bulletins:

Version 2.6.2 (Released 18 October 2021)

Fixed security vulnerabilities. For more information, see the following security bulletins:

Version 2.6.1 (Released 25 February 2021)

Attention: QRadar Advisor with Watson 2.6.1 and later is supported only on QRadar 7.4.2 and later.

Fixed an issue that made it impossible to configure or use the app due to syslog configuration in conjunction with App Host. This issue is commonly seen as not being able to save authorized service tokens or QRadar Advisor with Watson property mappings.

Version 2.6.0 (Released 14 October 2020)

Attention:
  • QRadar Advisor with Watson version 2.6.0 or earlier is supported only on QRadar versions 7.3.3, 7.4.0, and 7.4.1.
  • The memory that is required for the QRadar Advisor with Watson app is 1024 MB. The bundled QRadar Use Case Manager app requires an extra 500 MB.

Integration with the IBM Security QRadar Analyst Workflow app

With the integration into the QRadar Analyst Workflow app and the new user interface for QRadar, you can now switch between a dark and a light UI theme.

Important: You must install QRadar Analyst Workflow 1.2.0 for this feature to work. See IBM Security QRadar Analyst Workflow on the IBM® Security App Exchange.

To switch the user interface to the new dark theme, on the IBM QRadar navigation menu, click Try the New UI. For more information about the QRadar Analyst Workflow, see QRadar Analyst Workflow.

[Figure: Try New UI screen]

The following example shows the dark theme UI of the Watson Investigations page on QRadar Advisor with Watson 2.6.0 and QRadar Analyst Workflow 1.2.0.

[Figure: Watson investigation page with dark theme UI]

Provide Watson AI evaluation when closing an offense

Note: This feature is only available if QRadar Analyst Workflow 1.2.0 is installed.

When you close an offense in QRadar, you can now provide your evaluation of the Watson AI prioritization model's determination.

[Figure: Close offense screen]

New column that displays Watson AI priority

Note: This feature is only available if QRadar Analyst Workflow 1.2.0 is installed.

You can now view the Watson AI priority determination of an offense on the QRadar Offenses page.

[Figure: Offenses screen with Watson column]

Filter offenses on the offense table in QRadar

Note: This feature is only available if QRadar Analyst Workflow 1.2.0 is installed.

You can now filter offenses by Advisor with Watson priority on the QRadar Offenses page. By filtering on Advisor with Watson in the offense table, you can view a single Advisor with Watson AI prioritization or a subset of them.

[Figure: Offenses screen with Watson filter]

Use Case Manager updated

The IBM QRadar Use Case Manager is now installed with QRadar Advisor with Watson, and the former Cyber Adversary Framework Mapping Application is no longer included. With QRadar Advisor with Watson 2.6.0, the QRadar Use Case Manager version is updated to 2.3.1. The QRadar Use Case Manager includes MITRE ATT&CK mapping and visualization. For more information, see QRadar Use Case Manager.

Important:
  • If you already have a version of QRadar Use Case Manager installed, the installation either upgrades the app or does nothing if your current version is the same or newer.
  • The QRadar Use Case Manager is only installed after you configure the QRadar Advisor with Watson app with an authorized service token. For more information, see Creating authorized service tokens.

Defect fixes

  • Fixed an issue that prevented investigations from being viewed or deleted in QRadar Advisor with Watson if the offense was deleted in QRadar.
  • Fixed an issue that caused some logs to not rotate as scheduled.
  • Fixed an issue that caused headers to be displayed in webhooks.
  • Fixed an issue that prevented Advisor logs from being viewed inside the QRadar Event Viewer.
  • Fixed an issue that displayed inaccurate Asset Network information.