QRadar Basic

The QRadar Basic track at Virtual Master Skills University is specially designed to help newer QRadar users (with less than one year of experience) accelerate their QRadar knowledge and skills. In live sessions led by QRadar subject matter experts, you'll learn about QRadar architecture and deployment types, administrative tasks, data and log sources, and more. Then, in self-paced virtual labs, you'll practice what you learned. If you're new to QRadar, don't miss this unique opportunity to jump-start your skills!

Click roadmap title to expand/collapse roadmap

Master Skills University 2020 - QRadar Basic

The total time required to complete this roadmap is 23h 17m.

Welcome to Virtual Master Skills University 2020! This is IBM Security's very first virtual Master Skills event, and we're thrilled that you've chosen to spend part of your week with us. Each day, you'll experience advanced-level knowledge transfer from our top subject matter experts, get hands-on with self-paced virtual labs, and have opportunities to chat live with our experts. Here on Security Learning Academy, you'll find replays of the live Master Skills University sessions, all of the hands-on virtual Master Skills University labs, a virtual Escape Room game, additional relevant courses to help you continue your learning, and more.

To join the live sessions each day, use the “Attendee Catalog” link in your event confirmation and reminder emails. When they are available, recordings of the live sessions will become available here on Security Learning Academy. You cannot access the live sessions from Security Learning Academy.


Day 1: Monday, Sept 21, 2020


Day 2: Tuesday, Sept 22, 2020


Day 3: Wednesday, Sept 23, 2020


Day 4: Thursday, Sept 24, 2020 (Cloud Pak for Security)


Additional Learning


Masters Skills University Escape Room - QRadar Basic

Welcome to the Masters Skills University 2020 Escape Room for QRadar Basic.

It’s check-out time!

You just completed a 3-day course, and now it’s time to check out of your hotel and make your way to the lobby to catch your plane home. Make your way from your room to the lobby to complete the game.

Your Mission: Starting in your hotel room, answer questions to gain “keys” to unlock the door and move to the next room. There will be both quiz questions relating to your courses and trivia questions to help you navigate through the hotel and to the lobby.

Good luck!

This is a 360-degree presentation. Use your mouse to click and drag to view the environment.


QRadar offense prioritization

In this session from Virtual Master Skills University 2020, you will learn how QRadar represents offenses and what information you can get out of them.

QRadar rules and building blocks

In this session from Virtual Master Skills University 2020, you will learn the different types and categories of rules & building blocks. You will also learn how to build rules from scratch and verify the results.

QRadar assets

In this session from Virtual Master Skills University 2020, you will learn the importance of assets in QRadar and what information they provide when investigating incidents.

QRadar flows

In this session from Virtual Master Skills University 2020, you will learn what flows are and their importance in detecting anomaly communications.

QRadar custom log sources

In this session from Virtual Master Skills University 2020, you will learn how to use the DSM Editor to create custom log sources in QRadar.

Investigate cybersecurity threats using QRadar Analyst Workflow virtual lab

The QRadar Analyst Workflow application provides security analysts with a new UI to investigate offenses and search for threats. Some highlights of the new investigation workflows include:

  • Critical information to help inform decision making is one click away. Objects like IP addresses, Log Sources, Events, Insights, Magnitude, and more can be selected to expose a side panel that will provide additional context and details
  • Filters are available when tables of information is exposed to help users narrow down results
  • AQL smart query builder enables an analyst to search for common objects like IP, Hash, URL, and more without having to build a query
  • Performance improvements in loading screens and navigating between workflows

QRadar event data sources and log source management

In this session from Virtual Master Skills University 2020, you will learn what data sources are and how they can be integrated in QRadar. You will also learn about log sources and how they are managed.

An overview to navigating QRadar

In this session from Virtual Master Skills University 2020, you will get a first impression, how to navigate the QRadar UI.

QRadar architecture and deployment types

In this session from Virtual Master Skills University 2020, you will learn where and how QRadar is deployed, understand the role of each appliance type, and understand how QRadar collects and processes data.

Using IBM QRadar SIEM

With IBM Security QRadar SIEM, you can minimize the time gap between when suspicious activity occurs and when you detect it. Attacks and policy violations leave their footprints in the log events and network flows of your IT deployment. QRadar can connect the dots and provides you insight by performing the following tasks:
  • Alerts to suspected attacks and policy violations in the IT environment
  • Provides deep visibility into network, user, and application activity
  • Puts security-relevant data from various sources in context with each other
  • Provides reporting templates to meet operational and compliance requirements
  • Provides reliable, tamper-proof log storage for forensic investigations and evidentiary use

The exercises in this lab provide a broad introduction to the features of QRadar SIEM. The exercises cover the following topics:

  • Navigating the web interface
  • Reviewing the Pulse app
  • Investigating a suspicious activity
  • Use QRadar Analyst Workflow app to investigate offenses
  • Creating a report
  • Managing the network hierarchy

Introduction to Log Sources

In this lab, you configure IBM Security QRadar to recognize an unknown event. You search for and sort your log sources in the Log Source Management app. You bulk add and bulk edit multiple log sources. Finally, you test a new log source.



    QRadar Use Case Manager app overview

    The IBM QRadar Use Case Manager app provides many options for filtering and searching rules in IBM Security QRadar. You can create custom views and reports of your rules based on a wide variety of criteria, and view relationships between rules and content packs, log sources, reference sets, and other data.

    In addition to the filtering and searching options, the Use Case Manager app lets you view and configure your coverage of the MITRE ATT&CK framework. You can also view and add a number of recommended changes to your rules.

    Tuning recommendations, unique to your environment, are also available in the Use Case Manager app.  Follow guidance in the app to tune your rules that generate the most offences to reduce false-positives. You can update network hierarchy, building blocks, and server discovery based on recommendations.

    The Use Case Manager helps you to keep QRadar optimally configured to accurately detect threats throughout the attack chain.