QRadar SIEM

Using the Rule Explorer in the QRadar Use Case Manager app

In this video, you learn how to use the Rule Explorer in the QRadar Use Case Manager app, which offers flexible reports related to your rules. QRadar Use Case Manager also packages the Cyber Advisory Framework Mapping application to expose pre-defined mappings to system rules and to help you map your own custom rules to MITRE ATT&CK tactics and techniques.

Log source autodetection and properties with the QRadar DSM Editor (NEW)

In this video, you review how to use the DSM Editor to select a log source type, configure property parsing, and create new event categories and mapping. You also examine the new features of the DSM Editor, which are contained in the Configuration section. 

This video focuses on the new features: log source autodetection and properties. These features are available with QRadar SIEM 7.3.3.


Maintaining QRadar 101 - Open Mic

This video is intended for new administrators, or users, who have inherited QRadar responsibilities in their organization and want a crash course on how to maintain and manage QRadar. The goal of this video is to give administrators an idea of what to review on a daily, weekly, and monthly basis to prevent support calls and understand QRadar as a new administrator.

This IBM QRadar Support Open Mic session was recorded on Thursday, 25 April 2019.

Using AQL for Advanced Searches in IBM QRadar SIEM

The Ariel Query Language (AQL) is a structured query language that you use to communicate with the Ariel databases. You can use AQL to extract, filter, and perform actions on event and flow data that you extract from the Ariel database in IBM Security QRadar.

AQL is used for advanced searches to get data that might not be easily accessible from the user interface. This provides extended functionality to QRadar's search and filtering capabilities.

In this lab you learn how to utilize AQL for some advanced search tactics inside QRadar SIEM.


Deploy Changes in QRadar

This course provides useful information for administrators to understand how the Console deploys user changes to managed hosts. See the difference between Deploy Changes and Deploy Full Configuration and what impact they have on events, flows and offenses. Discover how to audit users that initiated changes and monitor the progress of deployment actions. Learn about troubleshooting steps when a Deploy Changes does not complete. 

QRadar Fundamentals

This roadmap provides a QRadar platform overview and explains core concepts and functionality. This roadmap uses five pathways for navigation.


Overview

These courses introduce you to basic QRadar concepts and architecture.

Core functionality

These courses explain the functional components and core concepts of QRadar.

Apps

These courses introduce you to the extensibility of the QRadar platform through deployment of additional apps.

Skill badges

IBM Digital badges provide valuable credentials that prove the skills you have obtained in a specific role.

Commercial courses

Commercial courses cover a broad range of fundamental tasks. Tasks are described in the course summary of each course. If you prefer an instructor-led training program, these commercial courses are for you. The topics covered in the commercial courses can also be studied through Security Learning Academy online courses.

QRadar SIEM Administrator

QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.


Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.
Sizing and Scoping your QRadar SIEM Deployment Open Mic (Intermediate)
Deploy Changes in QRadar (Intermediate)
Using QRadar SIEM License Management (Foundational)
QRadar License Management event and flow processing capacity (Foundational)
License Management in QRadar SIEM (Foundational)
Index Management in IBM Security QRadar SIEM (NEW, Intermediate)
Aggregated Data Management in IBM Security QRadar SIEM (NEW, Intermediate)
QRadar foundations - Data retention (Foundational)
QRadar SIEM Log Source Custom Properties (Advanced)
Configuring the QRadar log source parsing order (Intermediate)
QRadar Log Source Management App v 5.0 (Foundational)
QRadar SIEM - Deploying an App Node (Intermediate)
How to add an App Host to QRadar SIEM (Intermediate)
Planning your migration from QRadar App Node to App Host (Intermediate)
Adding a QNI appliance to the QRadar deployment (Foundational)
Setting up a QRadar Network Insights appliances stack (Foundational)
How to use IBM X-Force Threat Intelligence and integrate with QRadar SIEM (Intermediate)
QRadar SIEM Operational Tasks (Intermediate)
Using QRadar SIEM backup management (Foundational)
Deploying managed QRadar WinCollect agents (Intermediate)
QRadar Software Updates and Best Practice Admin Checklist Open Mic (Advanced)
QRadar upgrades best practices - Open Mic (Intermediate)
QRadar Sysmon and Windows Endpoint Detection - Open Mic (Intermediate)
Maintaining QRadar 101 - Open Mic (Intermediate)
Keeping QRadar up-to-date (Foundational)
Deployment resilience and high availability for QRadar (Intermediate)
Academy Service Level Agreement and Contacts

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.

Troubleshooting

These courses teach you how to perform basic troubleshooting tasks in your QRadar environment.

QRadar SIEM Architect

QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.


Investigations

These courses teach you how to investigate and remediate security threats in your IT environment.

Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.