Security Intelligence Latest

Security Intelligence Latest Courses:


When data obfuscation is configured on an IBM QRadar system, the masked version of the data is shown throughout the application. You must have access to both the corresponding keystore and the password to deobfuscate the data so that it can be viewed.

  • How to deobfuscate events in QRadar
  • How to set an obfuscation session key
  • How to automatically deobfuscate an event in the Console
  • How to deobfuscate an event in the Console


Reference data collections can be used to store and manage important data that you want to correlate against the events and flows in your QRadar environment. You can add business data or data from external sources into a reference data collection, and then use the data in searches, filters, rule test conditions, and rule responses.

In this course, you first get an overview of the different reference data types and what they can be used for. Next, you learn how to manage reference data collections and how to use them.

This 2-part video course explores the following topics:

Part 1QRadar reference data types overview

  • General purpose of reference data collections 
  • Reference set
  • Reference map
  • Reference map of sets
  • Reference map of maps
  • Reference table

Part 2QRadar reference data types management  

  • Using the QRadar UI 
  • Using the CLI
  • Using the RESTful API
  • Reference data in queries (AQL)
  • Reference data in Rules (test conditions, rule responses)


This hands-on lab is intended to review the configuration of a security profile, a user role, and a user account so that you can understand how these concepts are related to each other and how they can provide you with granular control of a user's access to information in your Console.