QRadar Security Intelligence

The IBM QRadar Security Intelligence Platform provides a unified architecture of integrated functions with a single Security Operations Center user interface.
Capabilities presented include detection and response to attacks, security analytics, threat hunting, incident response, and threat intelligence with network and endpoint protection.

Topics Covered:
  • QRadar SIEM
  • QRadar on Cloud
  • QRadar Network Insights
  • User Behavior Analytics
  • QRadar Advisor with Watson
  • QRadar DNS Analyzer
  • System Integrations
  • QRadar - Securing the Cloud
  • QRadar Incident Forensics
  • QRadar Vulnerability Manager
  • How Do I videos
Click roadmap title to expand/collapse roadmap

Getting started with QRadar

The total time required to complete this roadmap is 13h 36m.

This roadmap outlines fundamental courses that are intended for someone new to IBM QRadar. These courses describe the architecture, explain deployment options, review the installation, and help you to deploy and understand licensing. This roadmap also introduces the configuration of key product features such as network hierarchy, assets, user management, log sources, flows, rules, and offenses. Finally, it shows you how to use QRadar to analyze offenses, create reports, and emphasis the tuning aspects of the solution. You are also encouraged to explore the other QRadar roadmaps that focus on different QRadar user roles.

Navigating QRadar on the Security Learning Academy

Review the following course to navigate QRadar Security Intelligence on the IBM Security Learning Academy.
Tour QRadar on the Security Learning Academy
Foundational

Roadmap category: Planning and installing

Review the following courses to learn about the QRadar component and deployment architecture, installation process, and licensing:
QRadar Planning and Installation Guide
Intermediate
QRadar Architecture
Foundational
QRadar Deployment Architecture
Foundational
Using QRadar SIEM License Management
Foundational

Roadmap category: Configuring

Use the following courses to learn about key QRadar features and configuration tasks:
QRadar foundations - Assets
Foundational
QRadar foundations - Network Hierarchy
Foundational
QRadar foundations - Events
Foundational
Introducing QRadar Flows
Foundational
QRadar flow analysis and investigations
Foundational
QRadar foundations - Rules and Offenses
Foundational
QRadar foundations - user management
Foundational
Log source concepts - protocols and Device Support Modules
Intermediate
QRadar Log Source Protocols - Open Mic
Foundational

Roadmap category: Investigating and reporting

Use the courses in this category to learn about QRadar Rules and Offenses, which help to detect IT security issues in your organization. These courses show how to use searches and analyze potential incidents.
QRadar SIEM Investigation - Working with Offenses
Intermediate
Experience Center - Demonstration of Threat Simulator use cases
Foundational
Using IBM QRadar SIEM
Foundational
Creating reports in QRadar SIEM
Foundational

Roadmap category: Tuning for investigation

There are many aspects to tuning your QRadar configuration. The courses in this group introduce you to some basic tuning tasks to improve your investigations.
How to update the QRadar network hierarchy to prevent false positive offenses
Intermediate
Local versus global rules in QRadar SIEM
Intermediate
Overview of Building Blocks in QRadar SIEM
Intermediate
QRadar Advanced Searches and Dashboards virtual lab

IBM Security QRadar Pulse is a dashboard app that you can use to communicate insights and analysis. Dashboards contain widgets that can monitor and display events, counters, and a variety of other data important to your organization. Take the pulse of your SOC with dynamic real-time dashboards that provide meaningful insights into your security posture, threat landscape, and QRadar deployment health metrics. 


1h 30m      Advanced

QRadar Security Intelligence Subjects:

Security Intelligence Latest

Browse this category  (23)

Or select by type:

Video Courses  (22)

Event Replays  (1)

QRadar SIEM

Browse this category  (131)

Or select by type:

Training roadmaps  (5)

Hands-on Labs  (15)

Video Courses  (88)

Challenges  (6)

Self-Paced Badges  (1)

Activity  (1)

Documentation  (2)

Event Replays  (19)

Commercial Courses  (2)

QRadar on Cloud (QRoC)

Browse this category  (4)

Or select by type:

Video Courses  (3)

Event Replays  (1)

QRadar Network Insights

Browse this category  (8)

Or select by type:

Hands-on Labs  (1)

Video Courses  (6)

Challenges  (2)

Event Replays  (1)

User Behavior Analytics (UBA)

Browse this category  (13)

Or select by type:

Training roadmaps  (1)

Hands-on Labs  (2)

Video Courses  (9)

Event Replays  (1)

QRadar Advisor with Watson

Browse this category  (10)

Or select by type:

Training roadmaps  (1)

Hands-on Labs  (1)

Video Courses  (5)

Documentation  (2)

Event Replays  (1)

QRadar DNS Analyzer

Browse this category  (4)

Or select by type:

Video Courses  (4)

System Integrations

Browse this category  (14)

Or select by type:

Hands-on Labs  (3)

Video Courses  (8)

Challenges  (4)

Event Replays  (2)

QRadar - Securing the Cloud

Browse this category  (2)

Or select by type:

Video Courses  (2)

QRadar Incident Forensics

Browse this category  (1)

Or select by type:

Video Courses  (1)

QRadar Vulnerability Manager

Browse this category  (9)

Or select by type:

Training roadmaps  (1)

Hands-on Labs  (1)

Video Courses  (7)

QRadar on the IBM Security App Exchange

Browse this category  (7)

Or select by type:

Video Courses  (7)

IBM QRadar Videos: How Do I...

Browse this category  (55)

Or select by type:

Training roadmaps  (1)

Video Courses  (54)