The QRadar Basic track at Virtual Master Skills University is specially designed to help newer QRadar users (with less than one year of experience) accelerate their QRadar knowledge and skills. In live sessions led by QRadar subject matter experts, you'll learn about QRadar architecture and deployment types, administrative tasks, data and log sources, and more. Then, in self-paced virtual labs, you'll practice what you learned. If you're new to QRadar, don't miss this unique opportunity to jump-start your skills!
Master Skills University 2020 - QRadar Basic
The total time required to complete this roadmap is 23h 17m.
Welcome to Virtual Master Skills University 2020! This is IBM Security's very first virtual Master Skills event, and we're thrilled that you've chosen to spend part of your week with us. Each day, you'll experience advanced-level knowledge transfer from our top subject matter experts, get hands-on with self-paced virtual labs, and have opportunities to chat live with our experts. Here on Security Learning Academy, you'll find replays of the live Master Skills University sessions, all of the hands-on virtual Master Skills University labs, a virtual Escape Room game, additional relevant courses to help you continue your learning, and more.
To join the live sessions each day, use the “Attendee Catalog” link in your event confirmation and reminder emails. Recordings of the live sessions will be posted here on Security Learning Academy when they become available. You cannot access the live sessions from Security Learning Academy.
Day 1: Monday, Sept 21, 2020
Day 2: Tuesday, Sept 22, 2020
Day 3: Wednesday, Sept 23, 2020
Day 4: Thursday, Sept 24, 2020 (Cloud Pak for Security)
Welcome to the Master Skills University 2020 Escape Room for QRadar Basic.
It’s check-out time!
completed a 3-day course, and now it’s time to check out of your hotel and make your way to the lobby to catch your plane home. Make your way from your room to the lobby to complete the game.
Mission: Starting in your hotel room, answer questions to gain “keys” to unlock the door and move to the next room. There will be both quiz questions relating to your courses and trivia questions to help you navigate through the hotel and to the lobby.
This is a 360-degree presentation. Use your mouse to click and drag to view the environment.
In this session from Virtual Master Skills University 2020, you will learn how QRadar represents offenses and what information you can get out of them.
In this session from Virtual Master Skills University 2020, you will learn the different types and categories of rules & building blocks. You will also learn how to build rules from scratch and verify the results.
In this session from Virtual Master Skills University 2020, you will learn the importance of assets in QRadar and what information they provide when investigating incidents.
In this session from Virtual Master Skills University 2020, you will learn what flows are and their importance in detecting anomalous communications.
In this session from Virtual Master Skills University 2020, you will learn how to use the DSM Editor to create custom log sources in QRadar.
The QRadar Analyst Workflow application provides security analysts with a new UI to investigate offenses and search for threats. Some highlights of the new investigation workflows include:
- Critical information to help inform decision making is one click away. Objects like IP addresses, Log Sources, Events, Insights, Magnitude, and more can be selected to expose a side panel that will provide additional context and details
- Filters are available when tables of information are exposed to help users narrow down results
- AQL smart query builder enables an analyst to search for common objects like IP, Hash, URL, and more without having to build a query
- Performance improvements in loading screens and navigating between workflows
In this session from Virtual Master Skills University 2020, you will learn what data sources are and how they can be integrated in QRadar. You will also learn about log sources and how they are managed.
In this session from Virtual Master Skills University 2020, you will get a first impression of how to navigate the QRadar UI.
In this session from Virtual Master Skills University 2020, you will learn where and how QRadar is deployed, understand the role of each appliance type, and understand how QRadar collects and processes data.
- Alerts to suspected attacks and policy violations in the IT environment
- Provides deep visibility into network, user, and application activity
- Puts security-relevant data from various sources in context with each other
- Provides reporting templates to meet operational and compliance requirements
- Provides reliable, tamper-proof log storage for forensic investigations and evidentiary use
The exercises in this lab provide a broad introduction to the features of QRadar SIEM. The exercises cover the following topics:
- Navigating the web interface
- Reviewing the Pulse app
- Investigating a suspicious activity
- Using the QRadar Analyst Workflow app to investigate offenses
- Creating a report
- Managing the network hierarchy
In this lab, you configure IBM Security QRadar to recognize an unknown event. You search for and sort your log sources in the Log Source Management app. You bulk add and bulk edit multiple log sources. Finally, you test a new log source.
The IBM QRadar Use Case Manager app provides many options for filtering and searching rules in IBM Security QRadar. You can create custom views and reports of your rules based on a wide variety of criteria, and view relationships between rules and content packs, log sources, reference sets, and other data.
In addition to the filtering and searching options, the Use Case Manager app lets you view and configure your coverage of the MITRE ATT&CK framework. You can also view and add a number of recommended changes to your rules.
recommendations, unique to your environment, are also available in the Use Case Manager app. Follow guidance in the app to tune the rules that generate the most offenses and reduce false positives. You can update network hierarchy, building blocks, and server discovery based on recommendations.
The Use Case Manager helps you to keep QRadar optimally configured to accurately detect threats throughout the attack chain.