In this foundational education event, Brian White, from the IBM Security Learning Academy, presents an introduction to IBM Security QRadar flows and QRadar Network Insights (QNI), and IBM QRadar Support Lead YiFeng You presents solutions to common customer issues with QNI. 

During this session, we explain how flows differ from events, and what types of investigations you can perform with flows. We then talk about the QRadar flow pipeline, and how QNI can enhance your flow insights. Next, we look at QNI workflows, including investigations into encrypted traffic.  Finally, we discuss common customer issues with QNI and how to resolve them. 

Use the guided tips in the IBM Security QRadar Use Case Manager app to help you ensure QRadar is optimally configured to accurately detect threats throughout the attack chain.

In this video, you learn how to explore rules through visualization and generated reports, how to tune your environment based on built-in analysis, and how you can visualize threat coverage across the MITRE ATT&CK framework.

When you send your log file data to IBM Security QRadar, it is first parsed inside a Device Support Module (DSM) so that QRadar can fully utilize the normalized data for event and offense processing. Sometimes you encounter data that cannot be correctly parsed, or you are dealing with multiple log sources running on one physical system. 

In this course, Jose Bravo reviews the basic processes inside a QRadar DSM and explains how events are flagged. He demonstrates how to find the correct parser for your log source, and how to handle the parsing order in case you have deployed more than one log source on a physical machine.

Using the attached additional resources, you can run these scenarios on your own QRadar Community Edition (or other QRadar) deployment.

• Introduction
  
• When parsing does not work
• SIM Generic
• Stored and Unknown
• Parsing order intro and examples 
• Syslog redirect
• Property formats
• Setting the lab up

This course provides an introduction to IBM Security QRadar architectural patterns for Managed Security Service Providers (MSSPs). 

An MSSP provides Security Operations Center (SOC) services to customers of different sizes and requirements. This will result in different architectural patterns and use of QRadar Console, Event collectors (EC), Event processors (EP), and Disconnected Log Collectors (DLC).

The intent of the MSSP SOC is to offer services to multiple clients and at the same time to ensure confidentiality, integrity, and availability of services and data to their clients. To accomplish this goal, the QRadar components can be deployed across three zones that rely on the QRadar core functions for data isolation, such as users access management, domains, and tenants.

This video presented by Jose Bravo discusses a technique to use Guardium Data Encryption and QRadar to help protect against ransomware.

The IBM QRadar Use Case Manager app provides many options for filtering and searching rules in IBM Security QRadar. You can create custom views and reports of your rules based on a wide variety of criteria, and view relationships between rules and content packs, log sources, reference sets, and other data.