QRadar Network Insights

QRadar Network Insights Courses:

Adding a QNI appliance to the QRadar deployment

The IBM QRadar Network Insights appliance can provide detailed analysis of network flows to extend the threat detection capabilities of IBM QRadar. This video demonstrates how to add an already installed QNI appliance into a QRadar deployment and how to deploy the license key.

Gaining visibility with QRadar Network Insights

Attackers can't hide on your network with IBM QRadar Network Insights. Security teams are flooded with security log activity every day, but inspecting those logs does not always generate the level of insight required to detect modern threats. These teams are eager to find additional methods that provide more accurate threat detection.

In this video, an attacker infiltrates and takes over a victim's computer through a phishing attack with a malicious attachment.

QRadar Network Insights analyzes network data in real-time to uncover the attacker’s footprint and expose the hidden security threats in this scenario.

Setting up a QRadar Network Insights appliances stack

This course teaches you how to configure a QRadar Network Insights appliances stack, which consists of a hardware and software setup. First, you learn how to use network ports in a stacking deployment. Then, you run an interactive simulation to configure the QNI stack.  


QRadar Network Insights introduction lab

In this lab, you configure your deployment to receive QRadar Network Insights (QNI) traffic. QNI provides more detail about the traffic on your network because you can view the payload contents, rather than just metadata from the TCP packet.

You create the reference sets and rules required for QNI offenses. Then, you investigate your traffic based on these offenses. In addition, this lab demonstrates the deep level of detail that you can view in your traffic.


Introducing QRadar Flows

IBM Security QRadar flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which are records of network sessions between two hosts. Flows are a differentiating component in QRadar that provide detailed visibility into your network traffic.

In this course, you learn the difference between QRadar events and flows. Learn about the packet header and payload: which information is available in the header and packet, and which technologies to use to investigate header and payload information.


QRadar flow analysis and investigations

IBM Security QRadar flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which are records of network sessions between two hosts. Flows are a differentiating component in QRadar that provide detailed visibility into your network traffic.

In this course, you learn how QRadar analyzes your flow data for applications, flow direction, and superflows. You also learn how to build a QRadar flow rule, and how to perform flow searches in QRadar.


QRadar Network Insights overview and introduction

IBM Security QRadar Network Insights (QNI) provides deep, real-time investigations into your network traffic. In this course, you learn about the increased level of data that QNI provides for searches, rules, and building blocks. You also learn about QNI inspection levels. You learn how to create a rule that raises an offense when your traffic contains data from a QNI property. You also investigate flow properties for an email exchange.