QRadar SIEM

IBM QRadar SIEM Advanced Topics

IBM QRadar enables you to minimize the time gap between when a suspicious activity occurs and when you detect it. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. To connect the dots, QRadar SIEM correlates these scattered events and flows into offenses that alert you to suspicious activities. Using the skills taught in this course, you will be able to thoroughly understand and configure QRadar rules, work with reference data, and create and manage uncommon log sources.


Objectives

  • Create and manage uncommon log source types
  • Leverage reference data collections
  • Develop and manage custom rules
  • Develop and manage custom action scripts
  • Develop and manage anomaly detection rules

This is a commercial course (BQ203) taught by IBM's network of Global Training Providers.

IBM QRadar SIEM Foundations

IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn to navigate the user interface and how to investigate offenses. You search and analyze the information from which QRadar SIEM concluded a suspicious activity. Hands-on exercises reinforce the skills learned.


Objectives:

  • Describe how QRadar SIEM collects data to detect suspicious activities
  • Describe the QRadar SIEM component architecture and data flows
  • Navigate the user interface
  • Investigate suspected attacks and policy breaches
  • Search, filter, group, and analyze security data
  • Investigate the vulnerabilities and services of assets
  • Use network hierarchies
  • Locate custom rules and inspect actions and responses of rules
  • Analyze offenses created by QRadar SIEM
  • Use index management
  • Navigate and customize the QRadar SIEM dashboard
  • Use QRadar SIEM to create customized reports
  • Use charts and filters
  • Use AQL for advanced searches
  • Analyze a real world scenario

This is a commercial course (BQ103) taught by IBM's network of Global Training Providers.

QRadar Fundamentals

This roadmap provides a QRadar platform overview and explains core concepts and functionality. This roadmap uses five pathways for navigation.


Overview

These courses introduce you to basic QRadar concepts and architecture.

Core functionality

These courses explain the functional components and core concepts of QRadar.

Apps

These courses introduce you to the extensibility of the QRadar platform through deployment of additional apps.

Skill badges

IBM Digital badges provide valuable credentials that prove the skills you have obtained in a specific role.

Commercial courses

Commercial courses cover a broad range of fundamental tasks. Tasks are described in the course summary of each course. If you prefer an instructor-led training program, these commercial courses are for you. The topics covered in the commercial courses can also be studied through Security Learning Academy online courses.

QRadar SIEM Administrator

QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.


Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.

Troubleshooting

These courses teach you how to perform basic troubleshooting tasks in your QRadar environment.

QRadar SIEM Architect

QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.


Investigations

These courses teach you how to investigate and remediate security threats in your IT environment.

Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.