Course Catalog

The exercise in this lab demonstrates how you can use QRadar Network Insights to detect suspicious and malicious traffic. The exercise reflects the timeline of the attack and how it is detected in QRadar.

The IBM QRadar Network Insights appliance can provide detailed analysis of network flows to extend the threat detection capabilities of IBM QRadar. This video demonstrates how to add an already installed QNI appliance into a QRadar deployment and how to deploy the license key.

Attackers can't hide on your network with IBM QRadar Network Insights. Security teams are flooded with security log activity every day, but inspecting those logs does not always generate the level of insight required to detect modern threats. They are eager to find additional methods to provide more accurate threat detection.

In this video, an attacker infiltrates and takes over a victim's computer by exploiting a phishing attack with a malicious attachment.

QRadar Network Insights analyzes network data in real-time to uncover the attacker’s footprint and expose the hidden security threats in this scenario.

This course teaches you how to configure a QRadar Network Insights appliances stack, which consists of a hardware and software setup. First, you learn how to use network ports in a stacking deployment. Then, you run an interactive simulation to configure the QNI stack.  

In this lab, you configure your deployment to receive QRadar Network Insights (QNI) traffic. QNI provides more detail about the traffic on your network because you can view the payload contents, rather than just metadata from the TCP packet.

IBM Security QRadar flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which are records of network sessions between two hosts. Flows are a differentiating component in QRadar that provide detailed visibility into your network traffic.

In this course, you learn the difference between QRadar events and flows. Learn about the packet header and payload: which information is available in the header and packet, and which technologies to use to investigate header and payload information.

IBM Security QRadar flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which are records of network sessions between two hosts. Flows are a differentiating component in QRadar that provide detailed visibility into your network traffic.

In this course, you learn how QRadar analyzes your flow data for applications, flow direction, and superflows. You also learn how to build a QRadar flow rule, and how to perform flow searches in QRadar.

IBM Security QRadar Network Insights (QNI) provides deep, real-time investigations into your network traffic.  In this course, you learn about the increased level of data that QNI provides for searches, rules, and building blocks.  You also learn about QNI inspection levels.  You learn how to create a rule that raises an offence when your traffic contains data from a QNI property.  You also investigate flow properties for an email exchange.

In this foundational education event, Brian White, from the IBM Security Learning Academy, presents an introduction to IBM Security QRadar flows and QRadar Network Insights (QNI), and IBM QRadar Support Lead YiFeng You presents solutions to common customer issues with QNI. 

During this session, we explain how flows differ from events, and what types of investigations you can perform with flows. We then talk about the QRadar flow pipeline, and how QNI can enhance your flow insights. Next, we look at QNI workflows, including investigations into encrypted traffic.  Finally, we discuss common customer issues with QNI and how to resolve them.