QRadar SIEM
Click roadmap title to expand/collapse roadmap
QRadar Fundamentals
The total time required to complete this roadmap is 17h 24m.
This roadmap provides a QRadar platform overview and explains core concepts and functionality. This roadmap uses five pathways for navigation.
Overview
These courses introduce you to basic QRadar concepts and architecture.
Why QRadar SIEM?
Using IBM QRadar SIEM
QRadar Architecture
QRadar Architectural patterns for Managed Security Service Providers
QRadar Deployment Architecture
Gaining visibility with QRadar Network Insights
What's new in QRadar 7.4 - Webinar
Core functionality
These courses explain the functional components and core concepts of QRadar.
QRadar foundations - Events
Introducing QRadar Flows
QRadar flow analysis and investigations
QRadar foundations - Rules and Offenses
QRadar foundations - Network Hierarchy
QRadar foundations - Assets
Log source concepts - protocols and Device Support Modules
How coalescing works in QRadar
Determining indicators for threat detection with QRadar SIEM
Managing Custom Rules in QRadar SIEM
Overview of Building Blocks in QRadar SIEM
Using host definition and host reference building blocks in QRadar SIEM
Local versus global rules in QRadar SIEM
Using QRadar reference data collections
Using QRadar SIEM License Management
QRadar foundations - user management
Domain and Tenant Management for QRadar
Using domains and tenants in QRadar
NEW
Using the RESTful API for Domain and Tenant Management in QRadar
QRadar domains and tenants Open Mic
Overview of using threat intelligence data with QRadar SIEM
Apps
These courses introduce you to the extensibility of the QRadar platform through deployment of additional apps.
IBM QRadar DNS Analyzer - Overview
How to navigate the QRadar Experience Center App interface
Experience Center - Demonstration of Threat Simulator use cases
Skill badges
IBM Digital badges provide valuable credentials that prove the skills you have obtained in a specific role.
Commercial courses
Commercial courses cover a broad range of fundamental tasks.Tasks are described in the course summary of each course. If you prefer an instructor-led training program, these commercial courses are for you. The topics covered in the commercial courses can also be studied through Security Learning Academy online courses.
Click roadmap title to expand/collapse roadmap
QRadar SIEM Administrator
The total time required to complete this roadmap is 46h 53m.
QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.
Operational Tasks
These courses teach you how to perform operational tasks for your QRadar environment.
Sizing and Scoping your QRadar SIEM Deployment Open Mic
Deploy Changes in QRadar
Using QRadar SIEM License Management
QRadar License Management event and flow processing capacity
License Management in QRadar SIEM
Index Management in IBM Security QRadar SIEM
Aggregated Data Management in IBM Security QRadar SIEM
QRadar foundations - Data retention
QRadar SIEM Log Source Custom Properties
Configuring the QRadar log source parsing order
QRadar Log Source Management App 6.0
Configuring Log File log sources for QRadar
Managing Disconnected Log Collectors with the QRadar Log Source Management app
QRadar Log Source Management App - Webinar
How to add an App Host to QRadar SIEM
Planning your migration from QRadar App Node to App Host
Adding a QNI appliance to the QRadar deployment
Setting up a QRadar Network Insights appliances stack
How to use IBM X-Force Threat Intelligence and integrate with QRadar SIEM
QRadar SIEM Operational Tasks
Using QRadar SIEM backup management
Deploying managed QRadar WinCollect agents
QRadar Software Updates and Best Practice Admin Checklist Open Mic
QRadar upgrades best practices - Open Mic
QRadar Sysmon QRadar Sysmon and Windows Endpoint Detection - Open MicOpen Mic
Maintaining QRadar 101 - Open Mic
Keeping QRadar up-to-date
Deployment resilience and high availability for QRadar
Academy Service Level Agreement and Contacts
DevOps
These courses teach you how to implement extensions and enhancements in your QRadar environment.
Determining indicators for threat detection with QRadar SIEM
Managing Custom Rules in QRadar SIEM
Developing Custom Rules in IBM QRadar SIEM
Local versus global rules in QRadar SIEM
Overview of Building Blocks in QRadar SIEM
How to configure rule actions in QRadar SIEM
Using host definition and host reference building blocks in QRadar SIEM
How to locate rules that triggered in QRadar SIEM
Developing efficient rules in QRadar SIEM
Using the Rule Explorer in the QRadar Use Case Manager app
Investigating anomalies by understanding Anomaly Rules in QRadar
Developing Anomaly Detection Rules in IBM QRadar SIEM
QRadar reference data collections use cases
Introduction to Custom Action Scripts
QRadar SIEM Integration & Extension
Creating custom log sources in QRadar SIEM
Log source autodetection and properties with the QRadar DSM Editor
Developing log source types in QRadar SIEM
Configuration and benefits of an AWS log source in QRadar
Configuring and testing AWS CloudTrail log source with SQS queue in QRadar
Utilizing the Log Event Extended Format (LEEF) in QRadar
QRadar log sources - General configuration tips
Creating an offense for monitoring an internal log source in QRadar
QRadar Tuning - Open Mic
Tuning QRadar using the Use Case Manager App
NEW
Protect against ransomware using Guardium Data Encryption and QRadar
QRadar Use Case Manager Overview
QRadar Use Case Manager - New Features
QRadar Use Case Manager v2.3 Updates
Creating reports in QRadar SIEM
QRadar SIEM API
Troubleshooting
These courses teach you how to perform basic troubleshooting tasks in your QRadar environment.
QRadar Troubleshooting - Overview
QRadar Troubleshooting - Tools
Getting started with QRadar Deployment Intelligence
QRadar WinCollect Troubleshooting Open Mic
Developing efficient rules in QRadar SIEM
Considering QRadar rule capacity determined by performance analysis
How to update the QRadar network hierarchy to prevent false positive offenses
Click roadmap title to expand/collapse roadmap
QRadar SIEM Analyst
The total time required to complete this roadmap is 22h 44m.
QRadar SIEM Analysts are responsible for monitoring security incidents, investigating security event log information and network flows, scheduling vulnerability scanning, and coordinating remediation activities.
Investigations
These courses teach you how to investigate and remediate security threats in your IT environment Operational Tasks
Using IBM QRadar SIEM
QRadar SIEM Investigation - Working with Offenses
Using search efficiently in QRadar
Searching your QRadar data efficiently - Open Mic
QRadar SIEM Integration & Extension
Using AQL for Advanced Searches in IBM QRadar SIEM
How to perform Network Analysis using QRadar SIEM Dashboard Items
QRadar Detecting Ransomware, Phishing and Malware
Protect against ransomware using Guardium Data Encryption and QRadar
Investigating anomalies by understanding Anomaly Rules in QRadar
How to configure rule actions in QRadar SIEM
Advanced Search and Use Cases
QRadar SIEM Advanced Investigation & Use Cases
QRadar SIEM Advanced Investigation for Windows - Sysmon Use Cases
Creating reports in QRadar SIEM
Domain Generation Algorithm detection with QRadar DNS Analyzer
Domain squatting detection with QRadar DNS Analyzer
Filtering DNS traffic with QRadar DNS Analyzer
Creating an offense for monitoring an internal log source in QRadar
Click roadmap title to expand/collapse roadmap
QRadar SIEM Architect
The total time required to complete this roadmap is 16h 34m.
QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.
Operational Tasks
These courses teach you how to perform operational tasks for your QRadar environment.
Sizing and Scoping your QRadar SIEM Deployment Open Mic
QRadar License Management event and flow processing capacity
QRadar Sysmon QRadar Sysmon and Windows Endpoint Detection - Open MicOpen Mic
DevOps
These courses teach you how to implement extensions and enhancements in your QRadar environment.
QRadar SIEM Integration & Extension
Determining indicators for threat detection with QRadar SIEM
Developing Custom Rules in IBM QRadar SIEM
Local versus global rules in QRadar SIEM
Overview of Building Blocks in QRadar SIEM
Click roadmap title to expand/collapse roadmap
Managed Security Service Providers (MSSP)
The total time required to complete this roadmap is 4h 50m.
This roadmap depicts enablement assets for Managed Security Service Providers (MSSP). In addition to this roadmap, MSSPs should consider the assets that are provided in the QRadarFundamentals roadmap.
MSSP Foundation
These courses provide you with MSSP-related content covering concepts and architecture.
QRadar Architectural patterns for Managed Security Service Providers
Using the IBM Disconnected Log Collector to collect and forward logs to QRadar
Managing Disconnected Log Collectors with the QRadar Log Source Management app
QRadar on Cloud architecture
Domain and Tenant Management for QRadar
Using domains and tenants in QRadar
NEW
QRadar domains and tenants Open Mic
QRadar foundations - user management
Apps integration
These courses cover the extensibility of the QRadar platform by deploying additional apps, with special emphasis for MSSPs.
IBM QRadar SIEM Advanced Topics
IBM QRadar enables you to
minimize the time gap between when a suspicious activity occurs and when
you detect it. Attacks and policy violations leave their footprints in
log events and network flows of your IT systems. To connect the dots,
QRadar SIEM
correlates these scattered events and flows into offenses that alert
you to suspicious activities. Using the skills taught in this course,
you will be able to thoroughly understand and configure QRadar rules,
work with reference data, and create and manage uncommon log sources.
Objectives
- Create and manage uncommon log source types
- Leverage reference data collections
- Develop and manage custom rules
- Develop and manage custom action scripts
- Develop and manage anomaly detection rules
This is a commercial course (BQ203) taught by IBM's network of Global Training Providers.
IBM QRadar SIEM Foundations
IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted
as offenses. In this course, you learn to navigate the user interface and how to investigate offenses. You search and analyze the information from which QRadar SIEM concluded a suspicious activity. Hands-on exercises reinforce the skills learned.
Objectives:
- Describe how QRadar SIEM collects data to detect suspicious activities
- Describe the QRadar SIEM component architecture and data flows
- Navigate the user interface
- Investigate suspected attacks and policy breaches
- Search, filter, group, and analyze security data
- Investigate the vulnerabilities and services of assets
- Use network hierarchies
- Locate custom rules and inspect actions and responses of rules
- Analyze offenses created by QRadar SIEM
- Use index management
- Navigate and customize the QRadar SIEM dashboard
- Use QRadar SIEM to create customized reports
- Use charts and filters
- Use AQL for advanced searches
- Analyze a real world scenario
This is a commercial course (BQ103) taught by IBM's network of Global Training Providers.