QRadar SIEM Roadmaps:


QRadar SIEM Administrator

Job Role: QRadar SIEM: Administrator

QRadar Administrators deploy, configure, and maintain the overall QRadar infrastructure based on a holistic deployment architecture. They further maintain all operational tasks to ensure that the QRadar solution performs according to the key performance indicators.


QRadar SIEM: Administrator Why QRadar SIEM? V2 QRadar foundations - Events QRadar foundations - Flows QRadar foundations - Rules and Offenses How coalescing works in QRadar QRadar SIEM Assets & Networks QRadar Component Architecture QRadar Flow Tutorial Log Source Protocols Open Mic Log source concepts - DSMs and protocols Domains and tenants Open Mic QRadar Deployment Architecture QRadar Planning and Installation Guide QRadar Cloud Architecture Using the Disconnected Log Collector Overview of using threat intelligence data QRadar Apps: A Round Table Open Mic QRadar DNS Analyzer - Overview Gaining visibility with QNI QRadar 7.3.1 Feature Discussion Sizing and scoping your QRadar deployment Using QRadar License Management Event and flow processing capacity License Management Log Source Custom Properties Configuring the log source parsing order Log Source Management App Deploying an App Node How to add an App Host to QRadar SIEM Migrating from App Node to App Host Adding a QNI appliance to QRadar Setting up a QNI appliances stack Integrating X-Force with QRadar QRadar SIEM Operational Tasks Using QRadar backup management Deploying managed WinCollect agents Best Practice Admin Checklist Open Mic QRadar Sysmon Open Mic Determining indicators for threat detection Managing Custom Rules Developing Custom Rules Local versus global rules Overview of Building Blocks How to configure rule actions Host definition and host reference BB How to locate rules that triggered Developing efficient rules Developing Anomaly Detection Rules Introduction to Custom Action Scripts QRadar SIEM Integration & Extension Creating custom log sources Log source autodetection and properties Developing log source types AWS log source - configuration and benefits Log sources - General configuration tips Tuning Part 1 - Overview and networking Tuning Part 2 - Assets - Rules - False Positives Tuning Part 3 - Open Mic Creating reports QRadar SIEM API Troubleshooting - Overview Troubleshooting - Tools 
WinCollect Troubleshooting Open Mic Troubleshooting Lab - Part 1: get_logs Troubleshooting Lab - Part 2: Debugging Troubleshooting Lab - Part 3: Resource tuning Troubleshooting Lab - Part 4: Unkn log source Developing efficient rules Rule capacity and performance analysis Troubleshooting Lab - Custom Rules IBM QRadar SIEM Foundations QRadar SIEM Advanced Topics

QRadar SIEM Analyst

Job Role: QRadar SIEM: Analyst

QRadar SIEM Analysts are responsible for monitoring security incidents, investigating security event log information and network flows, scheduling vulnerability scanning, and coordinating remediation activities.


QRadar SIEM: Analyst Why QRadar SIEM? V2 QRadar foundations - Events QRadar foundations - Flows QRadar foundations - Rules and Offenses How coalescing works in QRadar QRadar SIEM Assets & Networks QRadar Component Architecture Determining indicators for threat detection QRadar Flow Tutorial How to locate rules that triggered Overview of Building Blocks Host definition and host reference BB Local versus global rules Developing log source types Log source concepts - DSMs and protocols QRadar DNS Analyzer - Overview Gaining visibility with QNI Using IBM QRadar SIEM QRadar SIEM Investigation Investigating Offenses QRadar SIEM Integration & Extension Using AQL for Adv Searches in QRadar SIEM Network Analysis using QRadar SIEM Dashboard Detect Ransomware - Phishing - Malware How to configure rule actions Advanced search and use cases Adv Investigation & Use Case Adv. Investigation for Windows Sysmon Creating reports DGA detection with DNS Analyzer Squatting detection with DNS Analyzer Filtering DNS traffic with DNS Analyzer IBM QRadar SIEM Foundations

QRadar SIEM Architect

Job Role: QRadar SIEM: Architect

QRadar SIEM Architects work in unison with IT Security Architects in an organization to design the holistic QRadar deployment architecture by integrating important log sources, network flows, assets, and user population.


QRadar SIEM: Architect Why QRadar SIEM? V2 QRadar foundations - Events QRadar foundations - Flows QRadar foundations - Rules and Offenses How coalescing works in QRadar QRadar SIEM Assets & Networks QRadar Component Architecture QRadar Flow Tutorial Log Source Protocols Open Mic Log source concepts - DSMs and protocols AWS log source - configuration and benefits Domains and tenants Open Mic QRadar Deployment Architecture QRadar Planning and Installation Guide QRadar Cloud Architecture Using the Disconnected Log Collector Overview of using threat intelligence data QRadar Apps: A Round Table Open Mic QRadar DNS Analyzer - Overview Gaining visibility with QNI QRadar 7.3.1 Feature Discussion Using IBM QRadar SIEM QRadar SIEM Investigation Log Source Management App Sizing and scoping your QRadar deployment Event and flow processing capacity Deploying an App Node QRadar Sysmon Open Mic QRadar SIEM Integration & Extension Determining indicators for threat detection Developing Custom Rules Local versus global rules Overview of Building Blocks Security Intelligence Fundamentals IBM QRadar SIEM Foundations