QRadar SIEM

Log source concepts - protocols and Device Support Modules

This course focuses on two conceptual log source components: protocols, which ingest event data into the QRadar ecosystem, and Device Support Modules, which act on this ingested data. You will learn about the roles of these components and how they are aligned in the event pipeline.

Using IBM QRadar SIEM

IBM QRadar SIEM enables you to minimize the time gap between when a suspicious activity occurs and when you detect it. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. QRadar SIEM connects the dots and provides you insight by performing the following tasks:

  • Alerts to suspected attacks and policy violations in the IT environment
  • Provides deep visibility into network, user, and application activity
  • Puts security-relevant data from various sources in context of each other
  • Provides reporting templates to meet operational and compliance requirements
  • Provides reliable, tamper-proof log storage for forensic investigations and evidentiary use


Objective

The exercises in this lab provide a broad introduction to the features of QRadar SIEM. The exercises cover the following topics:

  • Navigating the web interface
  • Investigating a suspicious activity
  • Creating a report
  • Managing the network hierarchy

QRadar Architecture

Understanding the architecture of the IBM QRadar ecosystem is vital for everyone in IT Security who is concerned with solutions within the security immune system. By learning how the central Security Intelligence components are designed to take in and process log events and flow data, you will be better equipped to work holistically as a Security Analyst with IBM QRadar. This course includes three videos:

  1. QRadar functional architecture and deployment models
  2. QRadar SIEM component architecture
  3. Dissecting the flow of a captured event

QRadar SIEM Investigation - Working with Offenses

An offense represents a security incident related to a suspicious attack or policy violation. As event and flow data passes through QRadar SIEM, it tests different conditions and generates an offense if the test results are positive.

In this 2-part video course, you learn about investigating offenses that are based on either events or flows.

QRadar Fundamentals

This roadmap provides a QRadar platform overview and explains core concepts and functionality. This roadmap uses five pathways for navigation.


Overview

These courses introduce you to basic QRadar concepts and architecture.

Core functionality

These courses explain the functional components and core concepts of QRadar.

Apps

These courses introduce you to the extensibility of the QRadar platform through deployment of additional apps.

Skill badges

IBM Digital badges provide valuable credentials that prove the skills you have obtained in a specific role.

Commercial courses

Commercial courses cover a broad range of fundamental tasks. Tasks are described in the course summary of each course. If you prefer an instructor-led training program, these commercial courses are for you. The topics covered in the commercial courses can also be studied through Security Learning Academy online courses.

QRadar SIEM Administrator

QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.


Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.

Troubleshooting

These courses teach you how to perform basic troubleshooting tasks in your QRadar environment.

QRadar SIEM Architect

QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.


Investigations

These courses teach you how to investigate and remediate security threats in your IT environment.

Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.