Security Intelligence Latest

Security Intelligence Latest Courses:

NEW

In this video, you learn about the different update types in QRadar and how to use the Auto Update function. In addition, you learn how to take advantage of the QRadar Assistant app to keep your content packs and QRadar apps up-to-date.


NEW

In this lab, you learn how to use the User Behavior Analytics for QRadar (UBA) application to detect anomalous or malicious behavior. The lab comes with UBA already installed and configured. You learn to use the QRadar UBA Dashboard and how the application can help you detect malicious user behavior.  The lab also walks you through the investigation process and demonstrates the integration with QRadar Advisor with Watson. The QRadar Advisor with Watson app is also already installed and configured in the lab. To learn more about QRadar Advisor with Watson, visit the dedicated section in the Security Learning Academy, where you can run the lab that is focused on QRadar Advisor with Watson. Finally, the lab walks you through tuning the rules for user risky behavior by configuring the senseValue parameter.




NEW

In this lab, you learn how to configure and use the QRadar Advisor with Watson app in a QRadar offense investigation.

You learn to use regular expressions to extract QRadar custom properties and configure reference sets, rules, network hierarchy, and assets. The lab also walks you through the investigation process and you learn how to interpret QRadar Advisor knowledge graphs.

The lab provides an overview of the Cyber Adversary Framework Mapping Application. This app is used to map your custom rules to MITRE ATT&CK tactics and override the IBM default rule mappings.

The QRadar Advisor with Watson app V2.0.0 automatically maps MITRE ATT&CK tactics to CRE rules. In the QRadar Advisor with Watson app, you can see the tactics that are identified for an offense investigation. They are displayed in the offense details pane.

Objectives

  • Learn about QRadar configuration changes and updates necessary for a successful QRadar Advisor with Watson investigation

    • Extract custom properties from various log sources

    • Update relevant reference sets

    • Create QRadar rules

    • Enable X-Force threat intelligence feed

    • Update network hierarchy and critical assets

    • Configure QRadar SIEM and QRadar Advisor to show files that were executed or that were blocked on the systems that are monitored by QRadar SIEM

  • Update the QRadar Advisor configuration to use proper custom mappings

  • Learn how to run investigations and interpret the QRadar Advisor knowledge graph

  • Configure and use the Cyber Adversary Framework Mapping Application




NEW

In a targeted attack, a user inside a company receives malicious software that allows an attacker to infiltrate the corporate network and compromise information. 

With the QRadar Experience Center App, you run a scenario that simulates the execution of malware by a user, which then downloads additional tools to steal credentials, scan the network, connect to a local database, and download sensitive data. 

In this video, you learn how to investigate this type of situation by using the provided sample data in QRadar SIEM.