IBM QRadar SIEM Foundations - BQ104G

IBM QRadar SIEM Foundations - BQ104G

Audience

This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.

Prerequisites

Before taking this course, make sure that you have the following skills:

  • IT infrastructure
  • IT security fundamentals
  • Linux
  • Windows
  • TCP/IP networking
  • Syslog

Duration

3 days. Hands on.

Course Objectives

IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned.

In this 3-day instructor-led course, you learn how to perform the following tasks:

  • Describe how QRadar collects data to detect suspicious activities​​​​​​​
  • Describe the QRadar architecture and data flows
  • Navigate the user interface
  • Define log sources, protocols, and event details
  • Discover how QRadar collects and analyzes network flow information
  • Describe the QRadar Custom Rule Engine
  • Utilize the Use Case Manager app
  • Discover and manage asset information
  • Learn about a variety of QRadar apps, content extensions, and the App Framework
  • Analyze offenses by using the QRadar UI and the Analyst Workflow app
  • Search, filter, group, and analyze security data
  • Use AQL for advanced searches
  • Use QRadar to create customized reports
  • Explore aggregated data management
  • Define sophisticated reporting using Pulse Dashboards
  • Discover QRadar administrative tasks

Extensive lab exercises are provided to allow students an insight into the routine work of an IT Security Analyst operating the IBM QRadar SIEM platform. The exercises cover the following topics:

  • Architecture
  • UI Overview
  • Log Sources
  • Flows and QRadar Network Insights
  • Custom Rule Engine (CRE)
  • Use Case Manager app
  • Assets
  • App Framework
  • Working with Offenses
  • Search, filtering, and AQL
  • Reporting and Dashboards
  • QRadar Admin tasks

The lab environment for this course uses the IBM QRadar SIEM 7.4 platform.

Course Content

Describe how QRadar collects data to detect suspicious activities
Describe the QRadar architecture and data flows
Navigate the user interface
Define log sources, protocols, and event details
Discover how QRadar collects and analyzes network flow information
Describe the QRadar Custom Rule Engine
Utilize the Use Case Manager app
Discover and manage asset information
Learn about a variety of QRadar apps, content extensions, and the App Framework
Analyze offenses by using the QRadar UI and the Analyst Workflow app
Search, filter, group, and analyze security data
Use AQL for advanced searches
Use QRadar to create customized reports
Explore aggregated data management
Define sophisticated reporting using Pulse Dashboards
Discover QRadar administrative tasks

Virtual Courses

ALL of our courses can be delivered virtually! Our Bath public schedule courses are available as live virtual sessions, using the popular Zoom Virtual Classroom and remote labs. Delegates can test their access at: www.zoom.us/test

Public Courses

There are no upcoming events

On-Site Courses

Can't attend one of our public classes? Booking for multiple people?

All our courses are available on your site! Delivered for your staff, at your premises.

Contact us to find out more...