Security Intelligence Latest
Security Intelligence Latest Courses:
Employees in every organization are granted different levels of clearance to access information and classified or restricted areas based on their job profiles, such as different network locations, applications, or data. This process includes users who manage and have access to IT security products that protect the organization's critical resources, such as QRadar.
Every organization implements its own security policies to provide users with different permissions according to their roles. In this context, QRadar provides the ability to segment users' access based on a combination of factors, which can yield granular results. The information contained in QRadar includes network hierarchy and topology, assets, log and flow sources, event and flow data, offenses, scanning activity, management activity, and more.
This course introduces QRadar user management foundations, where you learn about user accounts and the different methods to authenticate, and how to implement granular user controls, such as user roles, security profiles, domains, and tenants.
When data obfuscation is configured on an IBM QRadar system, the masked version of the data is shown throughout the application. You must have access to both the corresponding keystore and the password to deobfuscate the data so that it can be viewed.
- How to deobfuscate events in QRadar
- How to set an obfuscation session key
- How to automatically deobfuscate an event in the Console
- How to deobfuscate an event in the Console
Reference data collections can be used to store and manage important data that you want to correlate against the events and flows in your QRadar environment. You can add business data or data from external sources into a reference data collection, and then use the data in searches, filters, rule test conditions, and rule responses.
In this course, you first get an overview of the different reference data types and what they can be used for. Next, you learn how to manage reference data collections and how to use them.
This 2-part video course explores the following topics:
Part 1: QRadar reference data types overview
- General purpose of reference data collections
- Reference set
- Reference map
- Reference map of sets
- Reference map of maps
- Reference table
- Using the QRadar UI
- Using the CLI
- Using the RESTful API
- Reference data in queries (AQL)
- Reference data in Rules (test conditions, rule responses)