QRadar SIEM
QRadar Fundamentals
The total time required to complete this roadmap is 43h 16m.
Overview
Core functionality
Apps
Skill badges
Commercial courses
QRadar SIEM Administrator
The total time required to complete this roadmap is 50h 41m.
Operational Tasks
DevOps
Troubleshooting
Tuning
These courses teach you how to perform basic tuning tasks in your QRadar environment.
QRadar SIEM Analyst
The total time required to complete this roadmap is 48h 24m.
Investigations
QRadar SIEM Architect
The total time required to complete this roadmap is 16h 34m.
Operational Tasks
DevOps
Managed Security Service Providers (MSSP)
The total time required to complete this roadmap is 5h 35m.
MSSP Foundation
Apps integration
IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned. This course is based on IBM Security QRadar 7.4.1.
Objectives- Describe how QRadar collects data to detect suspicious activities
- Describe the QRadar architecture and data flows
- Navigate the user interface
- Define log sources, protocols, and event details
- Discover how QRadar collects and analyzes network flow information
- Describe the QRadar Custom Rule Engine (CRE)
- Use the Use Case Manager app
- Discover and manage asset information
- Learn about a variety of QRadar apps, content extensions, and the App Framework
- Analyze offenses by using the QRadar UI and the Analyst Workflow app
- Search, filter, group, and analyze security data
- Use AQL for advanced searches
- Use QRadar to create customized reports
- Explore aggregated data management
- Define sophisticated reporting using Pulse Dashboards
- Discover QRadar administrative tasks
This is a commercial course (BQ104G) taught by IBM's network of Global Training Providers. To enroll in the course, follow the "View enrollment options" link to the IBM Training site to find a class that matches your location and schedule needs.
IBM QRadar enables you to
minimize the time gap between when a suspicious activity occurs and when
you detect it. Attacks and policy violations leave their footprints in
log events and network flows of your IT systems. To connect the dots,
QRadar SIEM
correlates these scattered events and flows into offenses that alert
you to suspicious activities. Using the skills taught in this course,
you will be able to thoroughly understand and configure QRadar rules,
work with reference data, and create and manage uncommon log sources.
- Create and manage uncommon log source types
- Leverage reference data collections
- Develop and manage custom rules
- Develop and manage custom action scripts
- Develop and manage anomaly detection rules
IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted
as offenses. In this course, you learn to navigate the user interface and how to investigate offenses. You search and analyze the information from which QRadar SIEM concluded a suspicious activity. Hands-on exercises reinforce the skills learned.
Objectives:
- Describe how QRadar SIEM collects data to detect suspicious activities
- Describe the QRadar SIEM component architecture and data flows
- Navigate the user interface
- Investigate suspected attacks and policy breaches
- Search, filter, group, and analyze security data
- Investigate the vulnerabilities and services of assets
- Use network hierarchies
- Locate custom rules and inspect actions and responses of rules
- Analyze offenses created by QRadar SIEM
- Use index management
- Navigate and customize the QRadar SIEM dashboard
- Use QRadar SIEM to create customized reports
- Use charts and filters
- Use AQL for advanced searches
- Analyze a real world scenario
IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned. This course is based on IBM Security QRadar 7.4.1.
Objectives- Describe how QRadar collects data to detect suspicious activities
- Describe the QRadar architecture and data flows
- Navigate the user interface
- Define log sources, protocols, and event details
- Discover how QRadar collects and analyzes network flow information
- Describe the QRadar Custom Rule Engine (CRE)
- Use the Use Case Manager app
- Discover and manage asset information
- Learn about a variety of QRadar apps, content extensions, and the App Framework
- Analyze offenses by using the QRadar UI and the Analyst Workflow app
- Search, filter, group, and analyze security data
- Use AQL for advanced searches
- Use QRadar to create customized reports
- Explore aggregated data management
- Define sophisticated reporting using Pulse Dashboards
- Discover QRadar administrative tasks
This is a commercial course (BQ104G) taught by IBM's network of Global Training Providers. To enroll in the course, follow the "View enrollment options" link to the IBM Training site to find a class that matches your location and schedule needs.