QRadar SIEM
In this video, you learn how to use rule explorer in the QRadar Use Case Manager app, which offers flexible reports related to your rules. QRadar Use Case Manager also packages the Cyber Advisory Framework Mapping application to expose pre-defined mappings to system rules and to help you map your own custom rules to MITRE ATT&CK tactics and techniques.
In this video, you review how to use the DSM Editor to select a log
source type, configure property parsing, and create new event categories
and mapping. You also examine the new features of the DSM Editor, which
are contained in the Configuration section.
This video focuses on the new features: log source autodetection and properties. These features are available with QRadar SIEM 7.3.3.
This video is intended for new administrators, or users, who have inherited QRadar responsibilities in their organization and want a crash course on how to maintain and manage QRadar. The goal of this video is to give administrators an idea, of what to review on a daily, weekly, and monthly basis to prevent support calls and understand QRadar as a new administrator.
This IBM QRadar Support Open Mic session was recorded on Thursday, 25 April 2019.
The Ariel Query Language (AQL) is
a structured query language that you use to communicate with the Ariel
databases. You can use AQL to extract, filter, and perform actions on
event and flow data that you extract from the Ariel database in IBM
Security
QRadar.
AQL is used for advanced searches
to get data that might not be easily accessible from the user interface.
This provides extended functionality to QRadar's search and filtering
capabilities.
In this lab you learn how to utilize AQL for some advanced search tactics inside QRadar SIEM.
This course provides useful information for administrators to understand how the Console deploys user changes to managed hosts. See the difference between Deploy Changes and Deploy Full Configuration and what impact they have on events, flows and offenses. Discover how to audit users that initiated changes and monitor the progress of deployment actions. Learn about troubleshooting steps when a Deploy Changes does not complete.
QRadar Fundamentals
This roadmap provides a QRadar platform overview and explains core concepts and functionality. This roadmap uses five pathways for navigation.
Overview
These courses introduce you to basic QRadar concepts and architecture.
Core functionality
These courses explain the functional components and core concepts of QRadar.
Apps
These courses introduce you to the extensibility of the QRadar platform through deployment of additional apps.
Skill badges
IBM Digital badges provide valuable credentials that prove the skills you have obtained in a specific role.
Commercial courses
Commercial courses cover a broad range of fundamental tasks.Tasks are described in the course summary of each course. If you prefer an instructor-led training program, these commercial courses are for you. The topics covered in the commercial courses can also be studied through Security Learning Academy online courses.
QRadar SIEM Administrator
QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.
Operational Tasks
These courses teach you how to perform operational tasks for your QRadar environment.
DevOps
These courses teach you how to implement extensions and enhancements in your QRadar environment.
Troubleshooting
These courses teach you how to perform basic troubleshooting tasks in your QRadar environment.
QRadar SIEM Analyst
QRadar SIEM Analysts are responsible for monitoring security incidents, investigating security event log information and network flows, scheduling vulnerability scanning, and coordinating remediation activities.
Investigations
These courses teach you how to investigate and remediate security threats in your IT environment Operational Tasks
QRadar SIEM Architect
QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.