QRadar SIEM

QRadar Fundamentals

The total time required to complete this roadmap is 43h 16m.

This roadmap provides a QRadar platform overview and explains core concepts and functionality. This roadmap uses five pathways for navigation.

Overview

These courses introduce you to basic QRadar concepts and architecture.

Core functionality

These courses explain the functional components and core concepts of QRadar.

Apps

These courses introduce you to the extensibility of the QRadar platform through deployment of additional apps.

Skill badges

IBM Digital badges provide valuable credentials that prove the skills you have obtained in a specific role.

Commercial courses

Commercial courses cover a broad range of fundamental tasks, which are described in the course summary of each course. If you prefer an instructor-led training program, these commercial courses are for you. The topics covered in the commercial courses can also be studied through Security Learning Academy online courses.

QRadar SIEM Administrator

The total time required to complete this roadmap is 50h 41m.

QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.

Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.

  • Sizing and scoping your QRadar deployment - Open Mic (Intermediate)
  • Deploy Changes in QRadar (Intermediate)
  • Using QRadar SIEM License Management (Foundational)
  • QRadar License Management event and flow processing capacity (Foundational)
  • License Management in QRadar SIEM (Foundational)
  • Index Management in IBM Security QRadar SIEM (Intermediate)
  • Aggregated Data Management in IBM Security QRadar SIEM (Intermediate)
  • QRadar foundations - Data retention (Foundational)
  • QRadar Log Source Management app 7.0 (Foundational, NEW)
  • QRadar Log Source Management App - Webinar (Intermediate)
  • QRadar SIEM Log Source Custom Properties (Advanced)
  • Configuring the QRadar log source parsing order (Intermediate)
  • Configuring Log File log sources for QRadar (Intermediate)
  • Managing Disconnected Log Collectors with the QRadar Log Source Management app (Intermediate)
  • How to add an App Host to QRadar SIEM (Intermediate)
  • Planning your migration from QRadar App Node to App Host (Intermediate)
  • Adding a QNI appliance to the QRadar deployment (Foundational)
  • Setting up a QRadar Network Insights appliances stack (Foundational)
  • How to use IBM X-Force Threat Intelligence and integrate with QRadar SIEM (Intermediate)
  • QRadar SIEM Operational Tasks (Intermediate)
  • Using QRadar SIEM backup management (Foundational)
  • Deploying managed QRadar WinCollect agents (Intermediate)
  • QRadar Software Updates and Best Practice Admin Checklist - Open Mic (Advanced)
  • QRadar upgrades best practices - Open Mic (Intermediate)
  • QRadar Sysmon and Windows Endpoint Detection - Open Mic (Intermediate)
  • Maintaining QRadar 101 - Open Mic (Intermediate)
  • Keeping QRadar up-to-date (Foundational)
  • Deployment resilience and high availability for QRadar (Intermediate)

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.

  • Determining indicators for threat detection with QRadar SIEM (Intermediate)
  • Managing Custom Rules in QRadar SIEM (Intermediate)
  • Developing Custom Rules in IBM QRadar SIEM (Intermediate)
  • Local versus global rules in QRadar SIEM (Intermediate)
  • Overview of Building Blocks in QRadar SIEM (Intermediate)
  • How to configure rule actions in QRadar SIEM (Intermediate)
  • Using host definition and host reference building blocks in QRadar SIEM (Intermediate)
  • How to locate rules that triggered in QRadar SIEM (Foundational)
  • Developing efficient rules in QRadar SIEM (Advanced)
  • Using the Rule Explorer in the QRadar Use Case Manager app (Advanced)
  • Investigating anomalies by understanding Anomaly Rules in QRadar (Intermediate)
  • Developing Anomaly Detection Rules in IBM QRadar SIEM (Intermediate)
  • QRadar reference data collections use cases (Intermediate)
  • Introduction to Custom Action Scripts (Foundational)
  • QRadar SIEM Integration & Extension (Intermediate)
  • Creating custom log sources in QRadar SIEM (Intermediate)
  • Log source autodetection and properties with the QRadar DSM Editor (Advanced)
  • Creating custom log sources using the DSM Editor (Intermediate)
  • Configuration and benefits of an AWS log source in QRadar (Intermediate)
  • Configuring and testing AWS CloudTrail log source with SQS queue in QRadar (Intermediate)
  • Utilizing the Log Event Extended Format (LEEF) in QRadar (Foundational)
  • QRadar log sources - General configuration tips (Foundational)
  • Creating an offense for monitoring an internal log source in QRadar (Intermediate)
  • Protect against ransomware using Guardium Data Encryption and QRadar (Foundational)
  • QRadar Use Case Manager Overview (Intermediate)
  • QRadar Use Case Manager - New Features (Intermediate)
  • QRadar Use Case Manager v2.2 + v2.3 Updates (Intermediate)
  • QRadar Use Case Manager v2.3 Updates (Intermediate)
  • Creating reports in QRadar SIEM (Foundational)
  • QRadar SIEM API (Advanced)
  • Let's talk about the QRadar app development framework V2 - Open Mic (Advanced)
  • QRadar App Framework SDK V2 (Advanced)

Troubleshooting

These courses teach you how to perform basic troubleshooting tasks in your QRadar environment.

Tuning

These courses teach you how to perform basic tuning tasks in your QRadar environment.

QRadar SIEM Analyst

The total time required to complete this roadmap is 48h 24m.

QRadar SIEM Analysts are responsible for monitoring security incidents, investigating security event log information and network flows, scheduling vulnerability scanning, and coordinating remediation activities.

Investigations

These courses teach you how to investigate and remediate security threats in your IT environment.

Operational Tasks

QRadar SIEM Architect

The total time required to complete this roadmap is 16h 34m.

QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.

Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.

Managed Security Service Providers (MSSP)

The total time required to complete this roadmap is 5h 35m.

This roadmap depicts enablement assets for Managed Security Service Providers (MSSP). In addition to this roadmap, MSSPs should consider the assets that are provided in the QRadar Fundamentals roadmap.

MSSP Foundation

These courses provide you with MSSP-related content covering concepts and architecture.

Apps integration

These courses cover the extensibility of the QRadar platform by deploying additional apps, with special emphasis for MSSPs.

IBM Security QRadar SIEM Foundations
NEW

IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned. This course is based on IBM Security QRadar 7.4.1.

Objectives

  • Describe how QRadar collects data to detect suspicious activities
  • Describe the QRadar architecture and data flows
  • Navigate the user interface
  • Define log sources, protocols, and event details
  • Discover how QRadar collects and analyzes network flow information
  • Describe the QRadar Custom Rule Engine (CRE)
  • Use the Use Case Manager app
  • Discover and manage asset information
  • Learn about a variety of QRadar apps, content extensions, and the App Framework
  • Analyze offenses by using the QRadar UI and the Analyst Workflow app
  • Search, filter, group, and analyze security data
  • Use AQL for advanced searches
  • Use QRadar to create customized reports
  • Explore aggregated data management
  • Define sophisticated reporting using Pulse Dashboards
  • Discover QRadar administrative tasks

This is a commercial course (BQ104G) taught by IBM's network of Global Training Providers. To enroll in the course, follow the "View enrollment options" link to the IBM Training site to find a class that matches your location and schedule needs.

IBM QRadar SIEM Advanced Topics

IBM QRadar enables you to minimize the time gap between when a suspicious activity occurs and when you detect it. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. To connect the dots, QRadar SIEM correlates these scattered events and flows into offenses that alert you to suspicious activities. Using the skills taught in this course, you will be able to thoroughly understand and configure QRadar rules, work with reference data, and create and manage uncommon log sources.

Objectives

  • Create and manage uncommon log source types
  • Leverage reference data collections
  • Develop and manage custom rules
  • Develop and manage custom action scripts
  • Develop and manage anomaly detection rules

This is a commercial course (BQ203) taught by IBM's network of Global Training Providers.

IBM QRadar SIEM Foundations

IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn to navigate the user interface and how to investigate offenses. You search and analyze the information from which QRadar SIEM concluded a suspicious activity. Hands-on exercises reinforce the skills learned.

Objectives

  • Describe how QRadar SIEM collects data to detect suspicious activities
  • Describe the QRadar SIEM component architecture and data flows
  • Navigate the user interface
  • Investigate suspected attacks and policy breaches
  • Search, filter, group, and analyze security data
  • Investigate the vulnerabilities and services of assets
  • Use network hierarchies
  • Locate custom rules and inspect actions and responses of rules
  • Analyze offenses created by QRadar SIEM
  • Use index management
  • Navigate and customize the QRadar SIEM dashboard
  • Use QRadar SIEM to create customized reports
  • Use charts and filters
  • Use AQL for advanced searches
  • Analyze a real world scenario

This is a commercial course (BQ103) taught by IBM's network of Global Training Providers.