QRadar SIEM

QRadar Fundamentals

This roadmap provides a QRadar platform overview and explains core concepts and functionality. This roadmap uses five pathways for navigation.


Overview

These courses introduce you to basic QRadar concepts and architecture.

Core functionality

These courses explain the functional components and core concepts of QRadar.

Apps

These courses introduce you to the extensibility of the QRadar platform through deployment of additional apps.

Skill badges

IBM Digital badges provide valuable credentials that prove the skills you have obtained in a specific role.

Commercial courses

Commercial courses cover a broad range of fundamental tasks. Tasks are described in the course summary of each course. If you prefer an instructor-led training program, these commercial courses are for you. The topics covered in the commercial courses can also be studied through Security Learning Academy online courses.

QRadar SIEM Administrator

QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.


Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.
Sizing and Scoping your QRadar SIEM Deployment Open Mic
Intermediate
Deploy Changes in QRadar
Intermediate
Using QRadar SIEM License Management
Foundational
QRadar License Management event and flow processing capacity
Foundational
License Management in QRadar SIEM
Foundational
Index Management in IBM Security QRadar SIEM
Intermediate
Aggregated Data Management in IBM Security QRadar SIEM
Intermediate
QRadar foundations - Data retention
Foundational
QRadar SIEM Log Source Custom Properties
Advanced
Configuring the QRadar log source parsing order
Intermediate
QRadar Log Source Management App 6.0
NEW
Foundational
Managing disconnected log collectors with the QRadar Log Source Management app
NEW
Intermediate
QRadar Log Source Management App - Webinar
NEW
Intermediate
How to add an App Host to QRadar SIEM
Intermediate
Planning your migration from QRadar App Node to App Host
Intermediate
Adding a QNI appliance to the QRadar deployment
Foundational
Setting up a QRadar Network Insights appliances stack
Foundational
How to use IBM X-Force Threat Intelligence and integrate with QRadar SIEM
Intermediate
QRadar SIEM Operational Tasks
Intermediate
Using QRadar SIEM backup management
Foundational
Deploying managed QRadar WinCollect agents
Intermediate
QRadar Software Updates and Best Practice Admin Checklist Open Mic
Advanced
QRadar upgrades best practices - Open Mic
Intermediate
QRadar Sysmon and Windows Endpoint Detection - Open Mic
Intermediate
Maintaining QRadar 101 - Open Mic
Intermediate
Keeping QRadar up-to-date
Foundational
Deployment resilience and high availability for QRadar
Intermediate

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.
Determining indicators for threat detection with QRadar SIEM
Intermediate
Managing Custom Rules in QRadar SIEM
Intermediate
Developing Custom Rules in IBM QRadar SIEM
NEW
Intermediate
Local versus global rules in QRadar SIEM
Intermediate
Overview of Building Blocks in QRadar SIEM
Intermediate
How to configure rule actions in QRadar SIEM
Intermediate
Using host definition and host reference building blocks in QRadar SIEM
Intermediate
How to locate rules that triggered in QRadar SIEM
Foundational
Developing efficient rules in QRadar SIEM
Advanced
Using the Rule Explorer in the QRadar Use Case Manager app
Advanced
Investigating anomalies by understanding Anomaly Rules in QRadar
Intermediate
Developing Anomaly Detection Rules in IBM QRadar SIEM
Intermediate
QRadar reference data collections use cases
Intermediate
Introduction to Custom Action Scripts
Foundational
QRadar SIEM Integration & Extension
Intermediate
Creating custom log sources in QRadar SIEM
Intermediate
Log source autodetection and properties with the QRadar DSM Editor
Advanced
Developing log source types in QRadar SIEM
Intermediate
Configuration and benefits of an AWS log source in QRadar
Intermediate
Utilizing the Log Event Extended Format (LEEF) in QRadar
Foundational
QRadar log sources - General configuration tips
Foundational
Creating an offense for monitoring an internal log source in QRadar
Intermediate
QRadar Tuning - Open Mic
Intermediate
QRadar Use Case Manager Overview
NEW
Intermediate
QRadar Use Case Manager - New Features
NEW
Intermediate
Creating reports in QRadar SIEM
Foundational
QRadar SIEM API
Advanced

Troubleshooting

These courses teach you how to perform basic troubleshooting tasks in your QRadar environment.

QRadar SIEM Analyst

QRadar SIEM Architect

QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.


Operational Tasks

These courses teach you how to perform operational tasks for your QRadar environment.

DevOps

These courses teach you how to implement extensions and enhancements in your QRadar environment.

What's new in QRadar 7.4 - Webinar
NEW

In this video, you learn about the following new capabilities and features of IBM Security QRadar 7.4:

  • QRadar focus in 2020
  • Platform updates
  • Data management
  • QRadar Network Insights 
  • QRadar Vulnerability Manager 
  • QRadar Apps
  • QRadar Community Edition 

QRadar Log Source Management App - Webinar
NEW

The IBM Security QRadar Log Source Management app provides a new and redesigned interface for viewing, creating, editing, and deleting log sources. Watch this webinar replay where IBM Security development and support teams talk about the QRadar Log Source Management app and how this application can improve log source visibility and help troubleshoot log sources in QRadar.

Maintaining QRadar 101 - Open Mic

This video is intended for new administrators, or users, who have inherited QRadar responsibilities in their organization and want a crash course on how to maintain and manage QRadar. The goal of this video is to give administrators an idea of what to review on a daily, weekly, and monthly basis to prevent support calls and to understand QRadar as a new administrator.

This IBM QRadar Support Open Mic session was recorded on Thursday, 25 April 2019.

QRadar Cloud Architecture Open Mic

This Open Mic video first explains the different cloud deployment architecture models for IBM QRadar and then discusses the installation procedures for various cloud offerings. Take a look at the overall agenda:

  • Third Party Cloud Vendors
  • AWS Deployment Architecture Examples
  • Azure Deployment Architecture Examples
  • Installing QRadar in AWS Today
  • Installing QRadar CE in AWS
  • Installing QRadar in AWS (Soon)
  • Instance Log Ingestion from Auto-Scaling Groups
  • Resources

QRadar domains and tenants Open Mic

In this QRadar Open Mic you learn about domains and tenants, and how these concepts are implemented and used. You also hear about tips and other helpful information for QRadar administrators.

QRadar foundations - Assets

To properly understand and use the capabilities of QRadar SIEM beyond the basic concepts, it is important to learn about assets. In this course, you learn how assets can be discovered and then dynamically updated by QRadar, including network information, running applications and services, active users, and vulnerabilities.

QRadar foundations - Events

With IBM QRadar SIEM, you can monitor and display network events in real time or perform advanced searches.

The Log Activity tab displays event information as records from a log source, such as a firewall or router device. Use the Log Activity tab to do the following tasks:

  • Investigate events that are sent to QRadar SIEM in real time
  • Search events
  • Monitor log activity by using configurable time-series charts
  • Identify false positives to tune QRadar SIEM

QRadar foundations - Flows

In IBM QRadar SIEM, you can investigate the communication sessions between two hosts.

If the content capture option is enabled, the Network Activity tab displays information about how network traffic is communicated and what was communicated. Using the Network Activity tab, you can do the following tasks:

  • Investigate the flows that are sent to QRadar SIEM in real time
  • Search network flows
  • Monitor network activity by using configurable time-series charts

QRadar foundations - Rules and Offenses

In this video, you learn about how QRadar rules perform tests on events, flows, or offenses. If all the conditions of a test are met, the rule generates a response.

QRadar SIEM includes rules that detect a wide range of activities, including excessive firewall denies, multiple failed login attempts, and potential botnet activity. 

The following list describes the two rule categories:

  • Custom rules perform tests on events, flows, and offenses to detect unusual activity in your network
  • Anomaly detection rules perform tests on the results of saved flow or event searches to detect when unusual traffic patterns occur in your network

QRadar Log Source Protocols - Open Mic

This IBM Security Support Open Mic video explains how QRadar uses log source protocols to collect event data, capturing configuration properties, error messages, and other use cases for data collection.

Objectives:

  • Events FAQ and terminology
  • Listening protocols (Syslog)
  • Polling protocols (JDBC / Log File)
  • Tips and performance suggestions
  • Specialty protocols (APIs)
  • Questions and discussion

QRadar Software Updates and Best Practice Admin Checklist Open Mic

This IBM Support Open Mic video covers topics around QRadar software updates and a best practice admin checklist.

  • Before you begin 
  • Patch and upgrade checklist 
  • Firmware 
  • Troubleshooting
  • Reference

QRadar Sysmon and Windows Endpoint Detection - Open Mic

In this Open Mic you learn about the enhanced Windows endpoint monitoring capability with Sysmon and QRadar. IBM Security Support explains why you want to use Sysmon and how to properly set it up.

QRadar Tuning - Open Mic

In this video, a panel of IBM QRadar experts talk about tuning QRadar, focusing on the following:

  • Network hierarchy
  • Host definition building blocks and reference data
  • Server discovery
  • QRadar content extensions
  • Tuning methodology
  • False positive rules

QRadar upgrades best practices - Open Mic

This video is intended for administrators who update and maintain their QRadar deployment. The goal is to provide details for a smooth QRadar upgrade by discussing various upgrade pre-checks and upgrade methods, and by offering tips and tricks to help you have a quick and trouble-free upgrade.


QRadar WinCollect Troubleshooting Open Mic

In this QRadar WinCollect Troubleshooting Open Mic video, you will learn about the following topics:

  • About WinCollect
  • Managed vs standalone deployment
  • Troubleshooting tuning issues 
  • Error messages 
  • General WinCollect troubleshooting 
  • Troubleshooting with IBM Support 
  • Q&A

This Open Mic session was recorded on 21 September 2018.

Searching your QRadar data efficiently - Open Mic

In this IBM Security QRadar Support Open Mic you learn about the following topics:

  • Searching your QRadar data efficiently
  • Utilizing Quick Filters to search data
  • Leveraging indexed properties in search queries
  • Tips on searching data in QRadar

Sizing and Scoping your QRadar SIEM Deployment Open Mic

In this video, Adam Frank and Robert McGinley from the QRadar team deliver the Open Mic LIVE at the 2018 Think conference, which focuses on sizing and scoping your QRadar SIEM deployment.