QRadar Security Intelligence

QRadar Security Intelligence Courses:

NEW

Based on real-world best practice experience, Jose Bravo explains several tuning approaches to IBM Security QRadar User Behavior Analytics deployments, covering the following aspects:

  • Importing users the right way
  • Indexing properly
  • What log sources to use
  • Utilizing asset information
  • Risk threshold and other app settings
  • Enabling and tuning rules

NEW

In this course, you learn how to create IBM Security QRadar domains and tenants using both the user interface and the RESTful API. You send events to QRadar and see how they get assigned to domains and why. You learn the difference between domain-aware and domain-unaware rules. You create a shared data rule and perform tests to see how this rule works in comparison with QRadar rules without a domain assignment.

NEW

You can use the guided tips in IBM Security QRadar Use Case Manager to help you ensure that QRadar is optimally configured to accurately detect threats throughout the attack chain.

QRadar Use Case Manager includes a rule explorer that offers flexible reports related to your rules. The app also exposes pre-defined MITRE mappings to system rules and helps you map your own custom rules to MITRE ATT&CK tactics and techniques.

This course first gives an overview of the new features introduced with Version 2.3, and then provides more detail on the updates around the MITRE ATT&CK tactics and techniques.

NEW

In this lab, you configure your deployment to receive QRadar Network Insights (QNI) traffic. QNI provides more detail about the traffic on your network because you can view the payload contents, rather than just metadata from the TCP packet.

You create the reference sets and rules required for QNI offenses. Then, you investigate your traffic based on these offenses. In addition, this lab demonstrates the deep level of detail that you can view in your traffic.