QRadar Security Intelligence
QRadar Security Intelligence Courses:
This course explains how to use the QRadar SIEM Tuning Report, which lists the rules that are being matched most frequently over a specific time period.
Managing how false positives are configured can help minimize their impact on legitimate threats and vulnerabilities in QRadar.
In this course, we demonstrate how you can tune false positive events and flows to prevent them from creating offenses in QRadar.
Using a particular use case, this video demonstrates how to take advantage of reference data collections in QRadar SIEM.
With the QRadar Experience Center App, you run a scenario that simulates an attack triggered by a spam email that allows the launch of a command shell, which helps a suspicious OS log into an Amazon Web Services (AWS) environment and start creating multiple instances in this cloud environment. It ends with backup data being downloaded from an S3 bucket.
In this video, you learn how to investigate this type of situation by using the provided sample data in QRadar SIEM.