

Security Intelligence Courses (13):

NEW

This course teaches you how to configure a QRadar Network Insights (QNI) appliance stack, which consists of a hardware and software setup. First, you learn how to use network ports in a stacking deployment. Then, you run an interactive simulation to configure the QNI stack.


NEW

For QRadar SIEM 7.3.2, an App Host can take over the running of apps. The App Host replaces the App Node that was available in previous versions of QRadar SIEM. Migrating from App Node to App Host is a part of the upgrade from QRadar 7.3.0 or 7.3.1 to QRadar 7.3.2. If you are running App Node, you must perform the migration because App Node is not supported on QRadar 7.3.2 and later.

The first part of this course walks you through the steps to upgrade and migrate from an App Node to an App Host.

In the second part, Jose Bravo performs an actual migration on a test system.


NEW

In this video, you learn about log source parsing order and how to manage it. See how to solve parsing problems by changing the log source parsing order and how to reduce parsing problems.



NEW

This course provides general tips on log source configuration. Learn how to gather information about DSMs. Understand the capabilities of the QRadar UI to configure log sources. See what other resources can help you with this task and where to find them.


NEW

In this video, you learn how to set up and use the IBM Disconnected Log Collector (DLC), which is a free-of-charge event collector that can work independently of QRadar.

NEW

In this video, you learn how to translate a saved search from either the Log or Network activity tab into an AQL (Ariel Query Language) search string, which can be copied to the clipboard.

NEW

You can back up and recover IBM QRadar configuration information as well as event and flow data by using the backup and recovery feature.  This video demonstrates how you can identify a missing backup file in QRadar 7.3.2.

NEW

In this video, you review how to use the DSM Editor to select a log source type, configure property parsing, and create new event categories and mapping. You also examine the new features of the QRadar DSM Editor, which are contained in the Configuration section. 

This video focuses on the new features: log source autodetection and properties. These features are available with QRadar SIEM 7.3.2.




NEW

QRadar SIEM routes events and flows directly to storage if an alarmingly high system load might degrade real-time processing. After this happens, the Custom Rule Engine (CRE) can collect metrics data about rule execution. From this data, the CRE calculates throughput capacities for most enabled custom rules and building blocks. The UI displays the capacities as event and flow rates, and also indicates the level of concern with colored bars.

QRadar 7.3.2 or higher is required to enable this capability.




NEW

The DNS Analyzer app uses two types of filters that improve processing of the analytics algorithms. The first type of filter is based on the IBM X-Force Threat Intelligence feed, and the second is based on filtering lists built into DNS Analyzer, where you can add any domain to the whitelist or the blacklist. The video also demonstrates how DNS Analyzer reports a blacklisted domain.




NEW

This course provides an overview of the domain squatting technique and how IBM QRadar DNS Analyzer can help with early detection of that type of DNS traffic. Domain squatting is a technique used by hackers to register and use domains that are similar to a legitimate domain. Hackers use those domains to inject malware through phishing and other methods such as typo-squatting.
The video also demonstrates how the DNS Analyzer app detects and reports on squatting domains.



NEW

For QRadar SIEM 7.3.2, an App Host can take over the running of apps. The App Host replaces the App Node that was available for previous versions of QRadar SIEM. This course teaches how to add an App Host to a QRadar SIEM 7.3.2 installation.



NEW

This course provides an overview of the Domain Generation Algorithm (DGA) and how IBM QRadar DNS Analyzer can help with early detection of that type of DNS traffic. A Domain Generation Algorithm is code that periodically generates a large list of domain names, which are usually used by botnets. The video also demonstrates how DNS Analyzer detects and reports on the DGA domains.