title
Please take a moment to fill out this form. We will get back to you as soon as possible.
All fields marked with an asterisk (*) are mandatory.
IBM QRadar SIEM Foundations
Course Description
Overview
IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned.
In this 3-day instructor-led course, you learn how to perform the following tasks:
- Describe how QRadar collects data to detect suspicious activities​​​​​​​
- Describe the QRadar architecture and data flows
- Navigate the user interface
- Define log sources, protocols, and event details
- Discover how QRadar collects and analyzes network flow information
- Describe the QRadar Custom Rule Engine
- Utilize the Use Case Manager app
- Discover and manage asset information
- Learn about a variety of QRadar apps, content extensions, and the App Framework
- Analyze offenses by using the QRadar UI and the Analyst Workflow app
- Search, filter, group, and analyze security data
- Use AQL for advanced searches
- Use QRadar to create customized reports
- Explore aggregated data management
- Define sophisticated reporting using Pulse Dashboards
- Discover QRadar administrative tasks
Extensive lab exercises are provided to allow learners an insight into the routine work of an IT Security Analyst operating the QRadar SIEM platform. The exercises cover the following topics:
- Architecture exercises
- UI Overview exercises
- Log Sources exercises
- Flows and QRadar Network Insights exercises
- Custom Rule Engine (CRE) exercises
- Use Case Manager app exercises
- Assets exercises
- App Framework exercises
- Working with Offenses exercises.
- Search, filtering, and AQL exercises
- Reporting and Dashboards exercises
- QRadar Admin tasks exercises
The lab environment for this course uses the IBM QRadar SIEM 7.5 platform.
Objectives
After completing this course, you should be able to perform the following tasks:
- Describe how QRadar collects data to detect suspicious activities
- Describe the QRadar architecture and data flows
- Navigate the user interface
- Define log sources, protocols, and event details
- Discover how QRadar collects and analyzes network flow information
- Describe the QRadar Custom Rule Engine
- Utilize the Use Case Manager app
- Discover and manage asset information
- Learn about a variety of QRadar apps, content extensions, and the App Framework
- Analyze offenses by using the QRadar UI and the Analyst Workflow app
- Search, filter, group, and analyze security data
- Use AQL for advanced searches
- Use QRadar to create customized reports
- Explore aggregated data management
- Define sophisticated reporting using Pulse Dashboards
- Discover QRadar administrative tasks
Audience
This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.
Prerequisites
- IT infrastructure
- IT security fundamentals
- Linux
- Windows
- TCP/IP networking
- Syslog
Before taking this course, make sure that you have the following skills:
Topics
- Unit 0: IBM Security QRadar 7.5 - Fundamentals
- Unit 1: QRadar Architecture
- Unit 2: QRadar UI - Overview
- Unit 3: QRadar - Log Source
- Unit 4: QRadar flows and QRadar Network Insights
- Unit 5: QRadar Custom Rule Engine (CRE)
- Unit 6: QRadar Use Case Manager app
- Unit 7: QRadar - Assets
- Unit 8: QRadar extensions
- Unit 9: Working with Offenses
- Unit 10: QRadar - Search, filtering, and AQL
- Unit 11: QRadar - Reporting and Dashboards
- Unit 12: QRadar - Admin Console
Related Courses
-
IBM Security QRadar v7.4.3 Deployment Professional
BQ650GW- Duration: 3.5 Hours
- Delivery Format: Self-Paced Training (WBT)
- Price: 155.00 USD
-
QRadar SIEM: Gathering Threat Management Data (v7.5)
BQ310GS- Duration: 4 Hours
- Delivery Format: Self-Paced Training
- Price: 441.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.
- View the Self-Paced version of this outline and what is included in the SPVC course.
- Learn more about e-Learning
Course Added To Shopping Cart
bla
bla
bla
bla
bla
bla
Self-Paced Training Terms & Conditions
THIS IS A SELF-PACED VIRTUAL CLASS. AFTER YOU REGISTER, YOU HAVE 365 DAYS TO ACCESS THE COURSE.
This is a Self-Paced virtual class; it is intended for students who do not need the support of a classroom instructor. If you feel you would better benefit from having access to a Subject Matter Expert, please enroll in the Instructor-Led version instead. Minimal technical support is provided to address issues with accessing the platform or problems within the lab environment.
Before you enroll, review the system requirements to ensure that your system meets the minimum requirements for this course. AFTER YOU ARE ENROLLED IN THIS COURSE, YOU WILL NOT BE ABLE TO CANCEL YOUR ENROLLMENT. You are billed for the course when you submit the enrollment form. Self-Paced Virtual Classes are non-refundable. Once you purchase a Self-Paced Virtual Class, you will be charged the full price.
After you receive confirmation that you are enrolled, you will be sent further instructions to access your course material and remote labs. A confirmation email will contain your online link, your ID and password, and additional instructions for starting the course.
Upon receipt of the Order Confirmation Letter which includes your Enrollment Key (Access code); the course begins its twelve (12) month access period. IMPORTANT!!! If your course provides access to a hands-on lab (Virtual Lab Environment), you will have a specific number of days (typically 30 days) on the remote lab platform to complete your hands-on labs. Do not start your lab until you are ready to use your lab time effectively. Time allotted in the virtual lab environment will be indicated once you apply the enrollment key. The self-paced format gives you the opportunity to complete the course at your convenience, at any location, and at your own pace. The course is available 24 hours a day.
If the course requires a remote lab system, the lab system access is allocated on a first-come, first-served basis. When you are not using the elab system, ensure that you suspend your elab to maximize your hours available to use the elab system. Note: This does not add additional days to your Lab Environment time frame.
Click the Skytap Connectivity Test button to ensure this computer's hardware, software and internet connection works with the SPVC Lab Environment.
Click the Skytap Connectivity Documentation button to read about the hardware, software and internet connection requirements.
Exam Terms & Conditions
Sorry, there are no classes that meet your criteria.
Please contact us to schedule a class.
STOP! Before You Leave
Save 0% on this course!
Take advantage of our online-only offer & save 0% on any course !
Promo Code skip0 will be applied to your registration
Purchase Information
title
Please take a moment to fill out this form. We will get back to you as soon as possible.
All fields marked with an asterisk (*) are mandatory.