Security Intelligence Latest
Security Intelligence Latest Courses:
The ability to identify and understand how assets are being used in your network is critical to security. Not just for detecting devices, but building a dataset of historical information about assets and being able to track asset information across your network as it changes.
The goal of asset profiles is to bring all the information known about the assets in your network and update the data as new information is provided to QRadar. This allows administrators to more effectively report on, search, audit, and leverage rules to identify threats, vulnerabilities, and asset usage with relevant data.
In this course, you learn how assets can be discovered and then dynamically updated by QRadar, including network information, running applications and services, active users, vulnerabilities, and more.
This video provides an overview of key Log
Source Management app features. In addition to the overview, the video
demonstrates how to bulk add and bulk edit log sources, how to update DSMs and protocols, and how to test
log sources with the app.
- Learn about the new Disconnected Log Manager feature
- Explore the Log Source Management app user interface
- Learn how to bulk add and edit log sources
- Learn how to update DSMs and protocols
- Learn how to test log sources to confirm whether they are configured correctly
IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned. This course is based on IBM Security QRadar 7.4.1.Objectives
- Describe how QRadar collects data to detect suspicious activities
- Describe the QRadar architecture and data flows
- Navigate the user interface
- Define log sources, protocols, and event details
- Discover how QRadar collects and analyzes network flow information
- Describe the QRadar Custom Rule Engine (CRE)
- Use the Use Case Manager app
- Discover and manage asset information
- Learn about a variety of QRadar apps, content extensions, and the App Framework
- Analyze offenses by using the QRadar UI and the Analyst Workflow app
- Search, filter, group, and analyze security data
- Use AQL for advanced searches
- Use QRadar to create customized reports
- Explore aggregated data management
- Define sophisticated reporting using Pulse Dashboards
- Discover QRadar administrative tasks
This is a commercial course (BQ104G) taught by IBM's network of Global Training Providers. To enroll in the course, follow the "View enrollment options" link to the IBM Training site to find a class that matches your location and schedule needs.