QRadar Security Intelligence

QRadar Security Intelligence Courses:


Based on real-world best practice experience, Jose Bravo explains several tuning approaches to IBM Security QRadar User Behavior Analytics deployments, covering the following aspects:

  • Importing users the right way
  • Indexing properly
  • What log sources to use
  • Utilizing asset information
  • Risk threshold and other app settings
  • Enabling and tuning rules


In this course, you learn how to create IBM Security QRadar domains and tenants using both the user interface and the RESTful API. You send events to QRadar and see how they get assigned to domains and why. You understand the difference between domain aware and domain unaware rules. You create a shared data rule and perform tests to see how this rule works in comparison with QRadar rules without a domain assignment.


You can use the guided tips in IBM Security QRadar Use Case Manager to help you ensure that QRadar is optimally configured to accurately detect threats throughout the attack chain.

QRadar Use Case Manager includes a rule explorer that offers flexible reports related to your rules. The app also exposes pre-defined MITRE mappings to system rules and helps you map your own custom rules to MITRE ATT&CK tactics and techniques.

This course first addresses an overview of the new features that have been introduced with Version 2.3., and then provides more details on the updates around the MITRE ATT&CK tactics and techniques.