QRadar Security Intelligence
QRadar Security Intelligence Courses:
Based on real-world best practice experience, Jose Bravo explains several tuning approaches to IBM Security QRadar User Behavior Analytics deployments, covering the following aspects:
- Importing users the right way
- Indexing properly
- What log sources to use
- Utilizing asset information
- Risk threshold and other app settings
- Enabling and tuning rules
In this course, you learn how to create IBM Security QRadar domains and tenants using both the user interface and the RESTful API. You send events to QRadar and see how they get assigned to domains and why. You understand the difference between domain aware and domain unaware rules. You create a shared data rule and perform tests to see how this rule works in comparison with QRadar rules without a domain assignment.
You can use the guided tips in IBM Security QRadar Use Case Manager to help you ensure that QRadar is optimally configured to accurately detect threats throughout the attack
QRadar Use Case Manager includes a rule explorer that offers flexible reports related to your rules. The app also exposes pre-defined MITRE mappings to system rules and helps you map your own custom rules to MITRE ATT&CK tactics and techniques.
This course first gives an overview of the new features introduced with Version 2.3, and then provides more detail on the updates around the MITRE ATT&CK tactics and techniques.
In this lab, you configure your deployment to receive QRadar Network Insights (QNI) traffic. QNI provides more detail about the traffic on your network because you can view the payload contents, rather than just metadata from the TCP packet.
You create the reference sets and rules required for QNI offenses. Then, you investigate your traffic based on these offenses. In addition, this lab demonstrates the deep level of detail that you can view in your traffic.