Loading Courses

Learn the fundamental and advanced concepts of QRdar SIEM v7.3.

IBM QRadar SIEM provides collection, normalization, correlation, and secure storage of events, flows, asset profiles, and vulnerabilities. This product classifies suspected attacks and policy violations as offenses.  IBM® Security QRadar® enables you to minimize the time gap between when a suspicious activity occurs and when you detect it. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. To connect the dots, QRadar SIEM correlates these scattered events and flows into offenses that alert you to suspicious activities. Using the skills taught in this course, you will be able to configure processing of uncommon events, work with reference data, and develop custom rules, custom actions, and custom anomaly detection rules.

Prerequisites

Before taking this course, you should have the following skills:

  • IT infrastructure
  • IT security fundamentals
  • Linux
  • Windows
  • TCP/IP networking
  • Syslog
  • Network flows

Virtual Classroom Live Outline

Foundational Topics:

  • Unit 1: Introduction to IBM QRadar
  • Unit 2: IBM QRadar SIEM component architecture and data flows
  • Unit 3: Using the QRadar SIEM User Interface
  • Unit 4: Investigating an Offense Triggered by Events
  • Unit 5: Investigating the Events of an Offense
  • Unit 6: Using Asset Profiles to Investigate Offenses Unit 7: Investigating an Offense Triggered by Flows Unit 8: Using Rules
  • Unit 9: Using the Network Hierarchy
  • Unit 10: Index and Aggregated Data Management
  • Unit 11: Using the QRadar SIEM Dashboard
  • Unit 12: Creating Reports
  • Unit 13: Using Filters
  • Unit 14: Using the Ariel Query Language (AQL) for Advanced Searches
  • Unit 15: Analyzing a Real-World Large-Scale Attack
  • Appendix A: A real-world scenario introduction to IBM QRadar SIEM Appendix B: IBM QRadar architecture

Advanced Topics:

  • Unit 1: Creating log source types
  • Unit 2: Leveraging reference data collections
  • Unit 3: Developing custom rules
  • Unit 4: Creating Custom Action Scripts
  • Unit 5: Developing Anomaly Detection Rules

This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.

For more information please contact us:

Enquiries in Johannesburg and Cape Town : pauli@velisaafrica.co.za

International Enquiries : hema.chugh@globalknowledge.ae

BACK TO COURSES