Security Intelligence Latest
Security Intelligence Latest Courses:
In this video, you learn about the different update types in QRadar and how to use the Auto Update function. In addition, you learn how to take advantage of the QRadar Assistant app to keep your content packs and QRadar apps up to date.
In this lab, you learn how to use the User Behavior Analytics for QRadar (UBA) application to detect anomalous or malicious behavior. The lab comes with UBA already installed and configured. You learn to use the QRadar UBA Dashboard and how the application can help you detect malicious user behavior. The lab also walks you through the investigation process and demonstrates the integration with QRadar Advisor with Watson. The QRadar Advisor with Watson app is also already installed and configured in the lab. To learn more about QRadar Advisor with Watson, visit the dedicated section in the Security Learning Academy, where you can run the lab that is focused on QRadar Advisor with Watson. Finally, the lab walks you through tuning the rules for risky user behavior by configuring the senseValue parameter.
In this lab, you learn how to configure and use the QRadar Advisor with Watson app in a QRadar offense investigation.
You learn to use regular expressions to extract QRadar custom properties and configure reference sets, rules, network hierarchy, and assets. The lab also walks you through the investigation process and you learn how to interpret QRadar Advisor knowledge
The lab provides an overview of the Cyber Adversary Framework Mapping Application. This app is used to map your custom rules to MITRE ATT&CK tactics and override the IBM default rule mappings.
- Learn about QRadar configuration changes and updates necessary for a successful QRadar Advisor with Watson investigation
- Extract custom properties from various log sources
- Update relevant reference sets
- Create QRadar rules
- Enable X-Force threat intelligence feed
- Update network hierarchy and critical assets
- Configure QRadar SIEM and QRadar Advisor to show files that were executed or that were blocked on the systems that are monitored by QRadar SIEM
- Update the QRadar Advisor configuration to use proper custom mappings
- Learn how to run investigations and interpret the QRadar Advisor knowledge graph
- Configure and use the Cyber Adversary Framework Mapping Application
In a targeted attack, a user inside a company receives malicious software that allows an attacker to infiltrate the corporate network and compromise information.
With the QRadar Experience Center App, you run a scenario that simulates the execution of malware by a user, which then downloads additional tools to steal credentials, scan the network, connect to a local database, and download sensitive data.
In this video, you learn how to investigate this type of situation by using the provided sample data in QRadar SIEM.