IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned.

starstarstarstarstar

* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

After completing this course, you should be able to perform the following tasks:
Describe how QRadar collects data to detect suspicious activities
Describe the QRadar architecture and data flows
Navigate the user interface
Define log sources, protocols, and event details
Discover how QRadar collects and analyzes network flow information
Describe the QRadar Custom Rule Engine
Utilize the Use Case Manager app
Discover and manage asset information
Learn about a variety of QRadar apps, content extensions, and the App Framework
Analyze offenses by using the QRadar UI and the Analyst Workflow app
Search, filter, group, and analyze security data
Use AQL for advanced searches
Use QRadar to create customized reports
Explore aggregated data management
Define sophisticated reporting using Pulse Dashboards
Discover QRadar administrative tasks

1
  • Course Outline

  • Unit 0- IBM Security QRadar 7.4 - Fundamentals
    Unit 1- QRadar Architecture
    Unit 2- QRadar UI - Overview
    Unit 3- QRadar - Log Source
    Unit 4- QRadar flows and QRadar Network Insights
    Unit 5- QRadar Custom Rule Engine (CRE)
    Unit 6- QRadar Use Case Manager app
    Unit 7- QRadar - Assets
    Unit 8- QRadar extensions
    Unit 9- Working with Offenses
    Unit 10- QRadar - Search, filtering, and AQL
    Unit 11- QRadar - Reporting and Dashboards
    Unit 12- QRadar - Admin Console

Audience

This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.

Language

English

Prerequisites

Before taking this course, make sure that you have the following skills: IT infrastructure IT security fundamentals Linux Windows TCP/IP networking Syslog

$2,535

Length: 3.0 days (24 hours)

Level:

Not Your Location? Change

Course Schedule:

Schedule select
18
Dec
Monday
9:30 AM ET -
5:30 PM ET
Filling Fast
Available
Schedule select
29
Jan
Monday
9:30 AM ET -
5:30 PM ET
Filling Fast
Available
Schedule select
26
Feb
Monday
9:30 AM ET -
5:30 PM ET
Filling Fast
Available
Schedule select
25
Mar
Monday
9:30 AM ET -
5:30 PM ET
Filling Fast
Available
Loading...