In this course, you learn about domain and tenant management capabilities in IBM Security QRadar. Managed Security Service Providers (MSSPs) use these capabilities to provide services to their customers in a shared multi-tenant environment. Multi-divisional organizations can benefit from these features as well.

Domain and tenant management capabilities are essential when you want to provide services from a shared QRadar environment. Every internal customer becomes a tenant in your QRadar deployment and each has different requirements. To separate your tenants' data, you define domains.

In this video, you learn about the following new capabilities and features of IBM Security QRadar 7.4:

• QRadar focus in 2020
• Platform updates
• Data management
• QRadar Network Insights 
• QRadar Vulnerability Manager 
• QRadar Apps
• QRadar Community Edition 

IBM Security QRadar flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which are records of network sessions between two hosts. Flows are a differentiating component in QRadar that provide detailed visibility into your network traffic.

In this course, you learn how QRadar analyzes your flow data for applications, flow direction, and superflows. You also learn how to build a QRadar flow rule, and how to perform flow searches in QRadar.

This video provides an overview of key Log Source Management app features. In addition to the overview, the video demonstrates how to bulk add and bulk edit log sources, and how to test log sources with the app.

Objectives

• Learn about the new Disconnected Log Manager feature
  
• Explore the Log Source Management app user interface
  
• Learn how to bulk add and edit log sources
• Learn how to test log sources to confirm whether they are configured correctly

This course teaches you how to avoid many common issues when configuring log sources for QRadar that use the Log File protocol.  In addition, you also learn how to configure both FTPS and passwordless SCP authentication for Log File log sources.  Finally, you learn how to configure and test Log File log sources in the QRadar Log Source Management app.

This course provides an introduction to IBM Security QRadar architectural patterns for Managed Security Service Providers (MSSPs). 

An MSSP provides Security Operations Center (SOC) services to customers of different sizes and requirements. This will result in different architectural patterns and use of QRadar Console, Event collectors (EC), Event processors (EP), and Disconnected Log Collectors (DLC).

The intent of the MSSP SOC is to offer services to multiple clients and at the same time to ensure confidentiality, integrity, and availability of services and data to their clients. To accomplish this goal, the QRadar components can be deployed across three zones that rely on the QRadar core functions for data isolation, such as users access management, domains, and tenants.