Security Intelligence Latest
Security Intelligence Latest Courses:
This course teaches you how to avoid many common issues when configuring log sources for QRadar that use the Log File protocol. In addition, you also learn how to configure both FTPS and passwordless SCP authentication for Log File log sources. Finally, you learn how to configure and test Log File log sources in the QRadar Log Source
This course provides an introduction to IBM Security QRadar architectural patterns for Managed Security Service Providers (MSSPs). An MSSP provides Security Operations Center (SOC) services to customers of different sizes and requirements. This will result in different architectural patterns and use of QRadar Console, Event collectors (EC), Event processors (EP), and Disconnected Log Collectors (DLC).
The intent of the MSSP SOC is to offer services to multiple clients while ensuring the confidentiality, integrity, and availability of services and data for those clients. To accomplish this goal, the QRadar components can be deployed across three zones that rely on the QRadar core functions for data isolation, such as user access management, domains, and tenants.
In this course, you learn about domain and tenant management capabilities in IBM Security QRadar. Managed Security Service Providers (MSSPs) use these capabilities to provide services to their customers in a shared multi-tenant environment. Multi-divisional organizations can benefit from these features as well.
Domain and tenant management capabilities are essential when you want to provide services from a shared QRadar environment. Every internal customer becomes a tenant in your QRadar deployment and each has different requirements. To separate your tenants' data, you define domains.
The User Behavior Analytics (UBA) app, starting with version 3.6.0, supports multitenant environments in IBM Security QRadar 7.4.0 Fix Pack 1 and later. Multitenant environments allow Managed Security Service Providers (MSSPs) and multidivisional organizations to provide security services to multiple client organizations from a single, shared QRadar deployment. You don't need to deploy a unique QRadar instance for each customer. With QRadar 7.4.0 Fix Pack 1 or later and UBA 3.6.0, you can create multiple tenants from a single deployment instead of managing multiple deployments. The course walks you through all concepts that are needed to set up the UBA app in a multitenant environment, such as log sources, tenants, domains, security profiles, UBA users, and roles.