Question & Answer
Question
What are the current detection capabilities of QRadar EDR (formerly ReaQta)?
Answer
Current detection capabilities of QRadar EDR include:
- 9 default protection policies.
- 26 default DeStras (Detection Strategies).
In addition, blocklist policies provide an extra layer of protection. Their matchers match on hashes and application directories, and the offending process is killed according to the configuration.
To view the default protection policies, go to GUI --> Policies and apply the following filters:
![image-20220927173515-3](/support/pages/system/files/inline-images/image-20220927173515-3.png)
These are the default protection policies available:
![image-20220927173458-2](/support/pages/system/files/inline-images/image-20220927173458-2.png)
Similarly, to view the default DeStras, go to GUI --> DESTRA and apply this filter:
![image-20220927173701-4](/support/pages/system/files/inline-images/image-20220927173701-4.png)
The 26 DeStras are as follows:
![image-20221006123301-1](/support/pages/system/files/inline-images/image-20221006123301-1.png)
Product Synonym
ReaQta
Document Information
Modified date:
17 May 2023
UID
ibm16824135