QRadar SIEM
IBM QRadar SIEM Advanced Topics
IBM QRadar enables you to
minimize the time gap between when a suspicious activity occurs and when
you detect it. Attacks and policy violations leave their footprints in
log events and network flows of your IT systems. To connect the dots,
QRadar SIEM
correlates these scattered events and flows into offenses that alert
you to suspicious activities. Using the skills taught in this course,
you will be able to thoroughly understand and configure QRadar rules,
work with reference data, and create and manage uncommon log sources.
Objectives
- Create and manage uncommon log source types
- Leverage reference data collections
- Develop and manage custom rules
- Develop and manage custom action scripts
- Develop and manage anomaly detection rules
This is a commercial course (BQ203) taught by IBM's network of Global Training Providers.
IBM QRadar SIEM Foundations
IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted
as offenses. In this course, you learn to navigate the user interface and how to investigate offenses. You search and analyze the information from which QRadar SIEM concluded a suspicious activity. Hands-on exercises reinforce the skills learned.
Objectives:
- Describe how QRadar SIEM collects data to detect suspicious activities
- Describe the QRadar SIEM component architecture and data flows
- Navigate the user interface
- Investigate suspected attacks and policy breaches
- Search, filter, group, and analyze security data
- Investigate the vulnerabilities and services of assets
- Use network hierarchies
- Locate custom rules and inspect actions and responses of rules
- Analyze offenses created by QRadar SIEM
- Use index management
- Navigate and customize the QRadar SIEM dashboard
- Use QRadar SIEM to create customized reports
- Use charts and filters
- Use AQL for advanced searches
- Analyze a real world scenario
This is a commercial course (BQ103) taught by IBM's network of Global Training Providers.
Click roadmap title to expand/collapse roadmap
QRadar Fundamentals
This roadmap provides a QRadar platform overview and explains core concepts and functionality. This roadmap uses five pathways for navigation.
Overview
These courses introduce you to basic QRadar concepts and architecture.
Why QRadar SIEM?
Using IBM QRadar SIEM
QRadar Architecture
QRadar Deployment Architecture
Gaining visibility with QRadar Network Insights
Core functionality
These courses explain the functional components and core concepts of QRadar.
QRadar foundations - Events
QRadar foundations - Flows
QRadar foundations - Rules and Offenses
QRadar foundations - Network Hierarchy
QRadar foundations - Assets
Log source concepts - protocols and Device Support Modules
How coalescing works in QRadar
Determining indicators for threat detection with QRadar SIEM
Managing Custom Rules in QRadar SIEM
Overview of Building Blocks in QRadar SIEM
Using host definition and host reference building blocks in QRadar SIEM
Local versus global rules in QRadar SIEM
Using QRadar reference data collections
Using QRadar SIEM License Management
QRadar foundations - user management
QRadar domains and tenants Open Mic
Overview of using threat intelligence data with QRadar SIEM
Apps
These courses introduce you to the extensibility of the QRadar platform through deployment of additional apps.
IBM QRadar DNS Analyzer - Overview
How to navigate the QRadar Experience Center App interface
Experience Center - Demonstration of Threat Simulator use cases
Skill badges
IBM Digital badges provide valuable credentials that prove the skills you have obtained in a specific role.
Commercial courses
Commercial courses cover a broad range of fundamental tasks.Tasks are described in the course summary of each course. If you prefer an instructor-led training program, these commercial courses are for you. The topics covered in the commercial courses can also be studied through Security Learning Academy online courses.
Click roadmap title to expand/collapse roadmap
QRadar SIEM Administrator
QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.
Operational Tasks
These courses teach you how to perform operational tasks for your QRadar environment.
Sizing and Scoping your QRadar SIEM Deployment Open Mic
Deploy Changes in QRadar
Using QRadar SIEM License Management
QRadar License Management event and flow processing capacity
License Management in QRadar SIEM
Index Management in IBM Security QRadar SIEM
NEW
Aggregated Data Management in IBM Security QRadar SIEM
NEW
QRadar foundations - Data retention
QRadar SIEM Log Source Custom Properties
Configuring the QRadar log source parsing order
QRadar Log Source Management App v 5.0
QRadar SIEM - Deploying an App Node
How to add an App Host to QRadar SIEM
Planning your migration from QRadar App Node to App Host
Adding a QNI appliance to the QRadar deployment
Setting up a QRadar Network Insights appliances stack
How to use IBM X-Force Threat Intelligence and integrate with QRadar SIEM
QRadar SIEM Operational Tasks
Using QRadar SIEM backup management
Deploying managed QRadar WinCollect agents
QRadar Software Updates and Best Practice Admin Checklist Open Mic
QRadar upgrades best practices - Open Mic
QRadar Sysmon QRadar Sysmon and Windows Endpoint Detection - Open MicOpen Mic
Maintaining QRadar 101 - Open Mic
Keeping QRadar up-to-date
Deployment resilience and high availability for QRadar
Academy Service Level Agreement and Contacts
DevOps
These courses teach you how to implement extensions and enhancements in your QRadar environment.
Determining indicators for threat detection with QRadar SIEM
Managing Custom Rules in QRadar SIEM
Developing Custom Rules in IBM QRadar SIEM
Local versus global rules in QRadar SIEM
Overview of Building Blocks in QRadar SIEM
How to configure rule actions in QRadar SIEM
Using host definition and host reference building blocks in QRadar SIEM
How to locate rules that triggered in QRadar SIEM
Developing efficient rules in QRadar SIEM
Using the Rule Explorer in the QRadar Use Case Manager app
Developing Anomaly Detection Rules in IBM QRadar SIEM
QRadar reference data collections use cases
Introduction to Custom Action Scripts
QRadar SIEM Integration & Extension
Creating custom log sources in QRadar SIEM
Log source autodetection and properties with the QRadar DSM Editor
NEW
Developing log source types in QRadar SIEM
Configuration and benefits of an AWS log source in QRadar
Utilizing the Log Event Extended Format (LEEF) in QRadar
QRadar log sources - General configuration tips
QRadar Tuning - Open Mic
Creating reports in QRadar SIEM
QRadar SIEM API
Troubleshooting
These courses teach you how to perform basic troubleshooting tasks in your QRadar environment.
QRadar Troubleshooting - Overview
QRadar Troubleshooting - Tools
Getting started with QRadar Deployment Intelligence
QRadar WinCollect Troubleshooting Open Mic
QRadar Troubleshooting Lab - Part 1: get_logs
QRadar Troubleshooting Lab - Part 2: Debugging the environment
QRadar Troubleshooting Lab - Part 3: Resource tuning
QRadar Troubleshooting Lab - Part 4: Unknown log source
Developing efficient rules in QRadar SIEM
Considering QRadar rule capacity determined by performance analysis
QRadar Troubleshooting Lab - Custom Rules
How to update the QRadar network hierarchy to prevent false positive offenses
Click roadmap title to expand/collapse roadmap
QRadar SIEM Analyst
QRadar SIEM Analysts are responsible for monitoring security incidents, investigating security event log information and network flows, scheduling vulnerability scanning, and coordinating remediation activities.
Investigations
These courses teach you how to investigate and remediate security threats in your IT environment Operational Tasks
Using IBM QRadar SIEM
QRadar SIEM Investigation - Working with Offenses
QRadar SIEM Investigation
Using search efficiently in QRadar
NEW
Searching your QRadar data efficiently - Open Mic
NEW
QRadar SIEM Integration & Extension
Using AQL for Advanced Searches in IBM QRadar SIEM
How to perform Network Analysis using QRadar SIEM Dashboard Items
QRadar Detecting Ransomware, Phishing and Malware
How to configure rule actions in QRadar SIEM
Advanced Search and Use Cases
QRadar SIEM Advanced Investigation & Use Cases
QRadar SIEM Advanced Investigation for Windows - Sysmon Use Cases
Creating reports in QRadar SIEM
Domain Generation Algorithm detection with QRadar DNS Analyzer
Domain squatting detection with QRadar DNS Analyzer
Filtering DNS traffic with QRadar DNS Analyzer
Click roadmap title to expand/collapse roadmap
QRadar SIEM Architect
QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.
Investigations
These courses teach you how to investigate and remediate security threats in your IT environment Operational Tasks
Operational Tasks
These courses teach you how to perform operational tasks for your QRadar environment.
QRadar Log Source Management App
Sizing and Scoping your QRadar SIEM Deployment Open Mic
QRadar License Management event and flow processing capacity
QRadar SIEM - Deploying an App Node
QRadar Sysmon QRadar Sysmon and Windows Endpoint Detection - Open MicOpen Mic
DevOps
These courses teach you how to implement extensions and enhancements in your QRadar environment.
QRadar SIEM Integration & Extension
Determining indicators for threat detection with QRadar SIEM
Developing Custom Rules in IBM QRadar SIEM
Local versus global rules in QRadar SIEM
Overview of Building Blocks in QRadar SIEM