IBM Support

QRadar EDR (formerly ReaQta): List of current detection capabilities of QRadar EDR

Question & Answer


Question

What are the current detection capabilities of QRadar EDR (formerly ReaQta)?

Answer

Current detection capabilities of QRadar EDR include:
  1. 9 default protection policies.
  2. 26 default DeStras (Detection Strategies).

In addition, there are blocklist policies that provide an extra layer of protection. These match hashes and application directories in their matchers and kill the offending process based on the configuration.
To view the default protection policies, go to GUI --> Policies and apply the following filters:
[Screenshot: image-20220927173515-3]
These are the default protection policies available:
[Screenshot: image-20220927173458-2]
Similarly, to view the default DeStras, go to GUI --> DESTRA and apply this filter:
[Screenshot: image-20220927173701-4]
The 26 DeStras are as follows:
[Screenshot: image-20221006123301-1]


Product Synonym

ReaQta

Document Information

Modified date:
17 May 2023

UID

ibm16824135