The total time required to complete this roadmap is 17h 24m.
QRadar SIEM Administrator
The total time required to complete this roadmap is 46h 53m.
QRadar SIEM Analyst
The total time required to complete this roadmap is 22h 44m.
QRadar SIEM Architect
The total time required to complete this roadmap is 16h 34m.
Managed Security Service Providers (MSSP)
The total time required to complete this roadmap is 4h 50m.
In this course, you learn about domain and tenant management capabilities in IBM Security QRadar. Managed Security Service Providers (MSSPs) use these capabilities to provide services to their customers in a shared multi-tenant environment. Multi-divisional organizations can benefit from these features as well.
Domain and tenant management capabilities are essential when you want to provide services from a shared QRadar environment. Every internal customer becomes a tenant in your QRadar deployment and each has different requirements. To separate your tenants' data, you define domains.
In this video, you learn about the following new capabilities and features of IBM Security QRadar 7.4:
- QRadar focus in 2020
- Platform updates
- Data management
- QRadar Network Insights
- QRadar Vulnerability Manager
- QRadar Apps
- QRadar Community Edition
IBM Security QRadar flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which are records of network sessions between two hosts. Flows are a differentiating component in QRadar that provide detailed visibility into your network traffic.
In this course, you learn how QRadar analyzes your flow data for applications, flow direction, and superflows. You also learn how to build a QRadar flow rule, and how to perform flow searches in QRadar.
This video provides an overview of key Log Source Management app features. In addition to the overview, the video demonstrates how to bulk add and bulk edit log sources, and how to test log sources with the app.
- Learn about the new Disconnected Log Manager feature
- Explore the Log Source Management app user interface
- Learn how to bulk add and edit log sources
- Learn how to test log sources to confirm whether they are configured correctly
This course teaches you how to avoid many common issues when configuring log sources for QRadar that use the Log File protocol. In addition, you also learn how to configure both FTPS and passwordless SCP authentication for Log File log sources. Finally, you learn how to configure and test Log File log sources in the QRadar Log Source
This course provides an introduction to IBM Security QRadar architectural patterns for Managed Security Service Providers (MSSPs).
An MSSP provides Security Operations Center (SOC) services to customers of different sizes and requirements. This will result in different architectural patterns and use of QRadar Console, Event collectors (EC), Event processors (EP), and Disconnected Log Collectors (DLC).
The intent of the MSSP SOC is to offer services to multiple clients and at the same time to ensure confidentiality, integrity, and availability of services and data to their clients. To accomplish this goal, the QRadar components can be deployed across three zones that rely on the QRadar core functions for data isolation, such as user access management, domains, and tenants.