QRadar Security Intelligence

QRadar Security Intelligence Courses:

NEW

Use the guided tips in the IBM Security QRadar Use Case Manager app to help you ensure QRadar is optimally configured to accurately detect threats throughout the attack chain.

In this video, you learn about the new features introduced with versions 2.2 and 2.3 of the app.

NEW

Use the guided tips in the IBM Security QRadar Use Case Manager app to help you ensure QRadar is optimally configured to accurately detect threats throughout the attack chain.


In this video, you learn how to explore rules through visualization and generated reports, how to tune your environment based on built-in analysis, and how you can visualize threat coverage across the MITRE ATT&CK framework.

NEW

In this course, you learn about domain and tenant management capabilities in IBM Security QRadar. Managed Security Service Providers (MSSPs) use these capabilities to provide services to their customers in a shared multi-tenant environment. Multi-divisional organizations can benefit from these features as well.

Domain and tenant management capabilities are essential when you want to provide services from a shared QRadar environment. Every internal customer becomes a tenant in your QRadar deployment and each has different requirements. To separate your tenants' data, you define domains.

NEW

Learn the steps required to replace a non-high availability (HA) Console in a QRadar deployment. In this procedure, the replacement Console is given the same IP address as the original Console.

NEW

The User Behavior Analytics (UBA) app, starting with version 3.6.0, supports multitenant environments in IBM Security QRadar 7.4.0 Fix Pack 1 and later. Multitenant environments allow Managed Security Service Providers (MSSPs) and multidivisional organizations to provide security services to multiple client organizations from a single, shared QRadar deployment. You don't need to deploy a unique QRadar instance for each customer. With QRadar 7.4.0 Fix Pack 1 or later and UBA 3.6.0, you can create multiple tenants from a single deployment instead of managing multiple deployments. The course walks you through all concepts that are needed to set up the UBA app in a multitenant environment, such as log sources, tenants, domains, security profiles, UBA users, and roles.

NEW

In this video, you learn about the following new capabilities and features of IBM Security QRadar 7.4:

  • QRadar focus in 2020
  • Platform updates
  • Data management
  • QRadar Network Insights 
  • QRadar Vulnerability Manager 
  • QRadar Apps
  • QRadar Community Edition 

NEW

Join the IBM Security Learning Services team for an in-depth tour of the Security Learning Academy, with a focus on IBM Security QRadar Security Intelligence course offerings. During this webinar, you will see how to navigate the platform, search the course catalog, enroll in a course, view your enrollments on your dashboard, create progress reports, and see how Security Learning Academy is integrated with IBM VIP Rewards for Security.

Contents

  • Introduction
  • Content requirements process
  • Tour the IBM Security Learning Academy home page
  • Take a deeper look at QRadar Security Intelligence courses and course roadmaps
  • Your personal dashboard
  • Progress reports
  • Integration between the Academy and the IBM VIP Rewards for Security program

NEW

Overview

For each incoming event and flow, QRadar SIEM evaluates rules to test for indicators that suggest an attack or policy violation. In this lab, you learn how to create custom rules, building blocks, custom event properties, and a reference set to detect an example suspicious activity.


Objectives

  • Create and use custom event properties
  • Create and use a reference set
  • Add tests to new custom rules and building blocks
  • Leverage function tests
  • Configure rule actions and responses


Duration

1 hour


NEW

In this course, you learn how to test new and existing log sources in the IBM Security QRadar Log Source Management app. The testing feature allows you to troubleshoot log source issues.

NEW

A Disconnected Log Collector (DLC) can send events to an IBM Security QRadar deployment from areas that don't require, or can't use, the features of Event Collectors or Event Processors.

In this course, you learn how to register a new DLC, and add the DLC to domains and log sources. You also learn how to import an existing DLC and its log sources into QRadar. Finally, you learn how to export changes that are made to log sources, in the Log Source Management app, back to the DLC.

NEW

This video provides an overview of key Log Source Management app features. In addition to the overview, the video demonstrates how to bulk add and bulk edit log sources, and how to test log sources with the app.

Objectives

  • Learn about the new Disconnected Log Manager feature
  • Explore the Log Source Management app user interface
  • Learn how to bulk add and edit log sources
  • Learn how to test log sources to confirm whether they are configured correctly

NEW

IBM Security QRadar Advisor with Watson (QRAW) can help drive significant improvements in your SOC operations. Installing, configuring, and tuning QRadar Advisor with Watson is simple. However, you need to ensure that you have both QRadar and QRadar Advisor with Watson set up and configured properly to deliver the objectives and outcomes you and your analysts desire.

Before you install QRadar Advisor with Watson, follow the guidance in this document to ensure that your QRadar is ready with the correct logs and instrumentation. QRadar Advisor with Watson can tap into accurate and comprehensive data to investigate any offense, asset, user, or user activity. QRadar Advisor with Watson can substantially improve analysts’ productivity, increase their effectiveness, and reduce the time and effort it takes to collect data and investigate offenses and users.

This document outlines a two-phased approach. Each phase has a checklist to ensure the proper deployment of QRadar Advisor with Watson in your environment. 

  • Phase 1: Preinstall and prepare QRadar (before you install QRadar Advisor with Watson)
  • Phase 2: Install and configure QRadar Advisor


NEW

This course provides an overview of the IBM Security QRadar UBA application architecture. You learn about UBA concepts, such as the senseValue variable, risk scores, and the IBM Sense DSM. The video also shows how QRadar rules are connected to UBA, its support of multitenancy, and how to access the UBA Docker container and application logs.