Security Intelligence Latest

Security Intelligence Latest Courses:

NEW

This course teaches you how to avoid many common issues when configuring log sources for QRadar that use the Log File protocol. You also learn how to configure both FTPS and passwordless SCP authentication for Log File log sources. Finally, you learn how to configure and test Log File log sources in the QRadar Log Source Management app.

NEW

This course provides an introduction to IBM Security QRadar architectural patterns for Managed Security Service Providers (MSSPs). 

An MSSP provides Security Operations Center (SOC) services to customers of different sizes and with different requirements. This results in different architectural patterns and use of the QRadar Console, Event Collectors (EC), Event Processors (EP), and Disconnected Log Collectors (DLC).

The intent of the MSSP SOC is to offer services to multiple clients while ensuring the confidentiality, integrity, and availability of services and data for those clients. To accomplish this goal, the QRadar components can be deployed across three zones that rely on the QRadar core functions for data isolation, such as user access management, domains, and tenants.

NEW

In this course, you learn about domain and tenant management capabilities in IBM Security QRadar. Managed Security Service Providers (MSSPs) use these capabilities to provide services to their customers in a shared multi-tenant environment. Multi-divisional organizations can benefit from these features as well.

Domain and tenant management capabilities are essential when you want to provide services from a shared QRadar environment. Every internal customer becomes a tenant in your QRadar deployment and each has different requirements. To separate your tenants' data, you define domains.

NEW

The User Behavior Analytics (UBA) app, starting with version 3.6.0, supports multitenant environments in IBM Security QRadar 7.4.0 Fix Pack 1 and later. Multitenant environments allow Managed Security Service Providers (MSSPs) and multidivisional organizations to provide security services to multiple client organizations from a single, shared QRadar deployment. You don't need to deploy a unique QRadar instance for each customer. With QRadar 7.4.0 Fix Pack 1 or later and UBA 3.6.0, you can create multiple tenants from a single deployment instead of managing multiple deployments. The course walks you through all the concepts that are needed to set up the UBA app in a multitenant environment, such as log sources, tenants, domains, security profiles, UBA users, and roles.