In this video course, you learn about the concepts of the RESTful API and how to manage IBM Security QRadar domains and tenants by using the API endpoints. Use the GET request to retrieve information about domains and tenants. Learn how to create or update domain and tenant objects by using the POST request, and delete objects with the DELETE request. Investigate a response error from a request and find a solution for that.

The IBM Security QRadar DSM for Amazon Web Services (AWS) CloudTrail supports audit events that are collected from Amazon S3 buckets by using the Amazon AWS S3 REST API protocol and a Simple Queue Service (SQS) queue. This method is very useful when collecting CloudTrail logs from multiple accounts or regions in an Amazon S3 bucket and reduced the chance of missing files by using ObjectCreate notifications. It is an alternative to the prefix method to collect data because it does not require that the file names in the folders be in a string sorted in ascending order based on the full path. In this course, you learn which services you need properly configured in your AWS environment to make this method work. Following this, you learn how to add an Amazon AWS CloudTrail log source, and at the end, you see how a successfully configured log source receives events from AWS.

This course teaches you how to avoid many common issues when configuring log sources for QRadar that use the Log File protocol.  In addition, you also learn how to configure both FTPS and passwordless SCP authentication for Log File log sources.  Finally, you learn how to configure and test Log File log sources in the QRadar Log Source Management app.

This course provides an introduction to IBM Security QRadar architectural patterns for Managed Security Service Providers (MSSPs). 

An MSSP provides Security Operations Center (SOC) services to customers of different sizes and requirements. This will result in different architectural patterns and use of QRadar Console, Event collectors (EC), Event processors (EP), and Disconnected Log Collectors (DLC).

The intent of the MSSP SOC is to offer services to multiple clients and at the same time to ensure confidentiality, integrity, and availability of services and data to their clients. To accomplish this goal, the QRadar components can be deployed across three zones that rely on the QRadar core functions for data isolation, such as users access management, domains, and tenants.

Use the guided tips in the IBM Security QRadar Use Case Manager app to help you ensure QRadar is optimally configured to accurately detect threats throughout the attack chain.

In this video, you learn about the new features introduced with versions 2.2 and 2.3 of the app.

Use the guided tips in the IBM Security QRadar Use Case Manager app to help you ensure QRadar is optimally configured to accurately detect threats throughout the attack chain.

In this video, you learn how to explore rules through visualization and generated reports, how to tune your environment based on built-in analysis, and how you can visualize threat coverage across the MITRE ATT&CK framework.

In this course, you learn about domain and tenant management capabilities in IBM Security QRadar. Managed Security Service Providers (MSSPs) use these capabilities to provide services to their customers in a shared multi-tenant environment. Multi-divisional organizations can benefit from these features as well.

Domain and tenant management capabilities are essential when you want to provide services from a shared QRadar environment. Every internal customer becomes a tenant in your QRadar deployment and each has different requirements. To separate your tenants' data, you define domains.

Learn the steps required to replace a non-high availability (HA) Console in a QRadar deployment.  In this procedure, the replacement Console is given the same IP address as the original Console.

The User Behavior Analytics (UBA) app starting version 3.6.0 supports multitenant environments in IBM Security QRadar 7.4.0 Fix Pack 1 and later. Multitenant environments allow Managed Security Service Providers (MSSPs) and multidivisional organizations to provide security services to multiple client organizations from a single, shared QRadar deployment. You don't need to deploy a unique QRadar instance for each customer. With QRadar 7.4.0 Fix Pack 1 or later and UBA 3.6.0, you can create multiple tenants from a single deployment instead of managing multiple deployments. The course walks you through all concepts that are needed to set up the UBA app in a multitenant environment such as log sources, tenants, domains, security profiles, UBA users, and roles.