This course focuses on two conceptual log source components: protocols, which ingest event data into the QRadar ecosystem, and Device Support Modules, which act on this ingested data. You will learn about the roles of these components and how they are aligned in the event pipeline.
IBM QRadar SIEM enables you to minimize the time gap between when a suspicious activity occurs and when you detect it. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. QRadar SIEM connects the dots and provides you insight by performing the following tasks:
- Alerts to suspected attacks and policy violations in the IT environment
- Provides deep visibility into network, user, and application activity
- Puts security-relevant data from various sources in context of each other
- Provides reporting templates to meet operational and compliance requirements
- Provides reliable, tamper-proof log storage for forensic investigations and evidentiary use
The exercises in this lab provide a broad introduction into the features of QRadar SIEM. The exercises cover the following topics:
- Navigating the web interface
- Investigating a suspicious activity
- Creating a report
- Managing the network hierarchy
Understanding the architecture of the IBM QRadar ecosystem is valuable for everyone in IT Security who is concerned with solutions within the security immune system. By learning how the central Security Intelligence components are designed to take in and process log events and flow data, you will be better equipped to work holistically as a Security Analyst with IBM QRadar. This course includes three videos:
- QRadar functional architecture and deployment models
- QRadar SIEM component architecture
- Dissecting the flow of a captured event
An offense represents a security incident related to a suspicious attack or policy violation. As event and flow data passes through QRadar SIEM, it is tested against different conditions, and an offense is generated if those tests are positive.
In this 2-part video course, you learn about investigating offenses that are based on either events or flows.
This roadmap provides a QRadar platform overview and explains core concepts and functionality. This roadmap uses five pathways for navigation.
These courses introduce you to basic QRadar concepts and architecture.
These courses explain the functional components and core concepts of QRadar.
These courses introduce you to the extensibility of the QRadar platform through deployment of additional apps.
IBM Digital badges provide valuable credentials that prove the skills you have obtained in a specific role.
Commercial courses cover a broad range of fundamental tasks. The tasks are described in the course summary of each course. If you prefer an instructor-led training program, these commercial courses are for you. The topics covered in the commercial courses can also be studied through Security Learning Academy online courses.
QRadar SIEM Administrator
QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.
These courses teach you how to perform operational tasks for your QRadar environment.
These courses teach you how to implement extensions and enhancements in your QRadar environment.
These courses teach you how to perform basic troubleshooting tasks in your QRadar environment.
QRadar SIEM Analyst
QRadar SIEM Analysts are responsible for monitoring security incidents, investigating security event log information and network flows, scheduling vulnerability scanning, and coordinating remediation activities.
These courses teach you how to investigate and remediate security threats in your IT environment.
Operational Tasks
QRadar SIEM Architect
QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.