Security Intelligence Courses (13):
This course teaches you how to configure a QRadar Network Insights (QNI) appliance stack, which consists of a hardware and software setup. First, you learn how to use network ports in a stacking deployment. Then, you run an interactive simulation to configure the QNI stack.
For QRadar SIEM 7.3.2, an App Host can take over the running of apps. The App Host replaces the App Node that was available in previous versions of QRadar SIEM. Migrating from App Node to App Host is a part of the upgrade from QRadar 7.3.0 or 7.3.1 to QRadar 7.3.2. If you are running App Node, you must perform the migration because App Node is not supported on QRadar 7.3.2 and later.
The first part of this course walks you through the steps to upgrade and migrate from an App Node to an App Host.
In the second part, Jose Bravo performs an actual migration on a test system.
In this video, you learn about log source parsing order and how to manage it. See how to solve parsing problems by changing the log source parsing order and how to reduce parsing problems.
This course provides general tips on log source configuration. Learn how to gather information about DSMs. Understand the capabilities of the QRadar UI to configure log sources. See what else can help you do this task and get linked to it.
In this video, you learn how to set up and use the IBM Disconnected Log Collector (DLC), which is a free-of-charge event collector that can work independently of QRadar.
In this video, you learn how to translate a saved search from either the Log or Network activity tab into an AQL (Ariel Query Language) search string, which can be copied to the clipboard.
You can back up and recover IBM QRadar configuration information as well as event and flow data by using the backup and recovery feature. This video demonstrates how you can identify a missing backup file in QRadar 7.3.2.
In this video, you review how to use the DSM Editor to select a log source type, configure property parsing, and create new event categories and mapping. You also examine the new features of the QRadar DSM Editor, which are contained in the
This video focuses on the new features: log source autodetection and properties. These features are available with QRadar SIEM 7.3.2.
QRadar SIEM routes events and flows directly to storage if an alarmingly high system load might cause degradation of real-time processing. After this happens, the Custom Rule Engine (CRE) can collect metrics data about rule execution. From this data, the CRE calculates throughput capacities for most enabled custom rules and building blocks. The UI displays the capacities as event and flow rates, and also indicates the level of concern with colored bars.
QRadar 7.3.2 or higher is required to enable this capability.
The DNS Analyzer app uses two types of filters that improve processing of the analytics algorithms. The first type of filter is based on the IBM X-Force Threat Intelligence feed, and the second is based on filtering lists built into DNS Analyzer, where you can add any domain to the whitelist or the blacklist. The video also demonstrates how DNS Analyzer reports a blacklisted domain.
This course provides an overview of the domain squatting technique and how IBM QRadar DNS Analyzer can help with early detection of that type of DNS traffic. Domain squatting is a technique used by hackers to register and use domains that are similar to a legitimate domain. Hackers use those domains to inject malware through phishing and other methods such as typo-squatting.
The video also demonstrates how the DNS Analyzer app detects and reports on squatting domains.
For QRadar SIEM 7.3.2, an App Host can take over the running of apps. The App Host replaces the App Node that was available for previous versions of QRadar SIEM. This course teaches how to add an App Host to a QRadar SIEM 7.3.2 installation.