Course Code: BQ150G

IBM : IBM Security QRadar SIEM Administration


Velisa Africa is the official Global Knowledge partner in Sub-Saharan Africa. Course details: https://www.globalknowledge.co.uk/courses/ibm/security/bq150g.html

IBM Security QRadar SIEM enables you to minimize the time gap between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. This course covers system configuration, data source configuration, and remote networks and services configuration.

Pre-Requisites

Before taking this course, make sure that you have the following skills:

  • Basic knowledge of the purpose and use of a security intelligence platform
  • Familiarity with the Linux command line interface and PuTTY
  • Familiarity with Custom Rules engine (CRE) rules
  • Familiarity with the Ariel database and its purpose in QRadar SIEM
  • Students should attend BQ102G, IBM Security QRadar Foundations or be able to navigate and use the QRadar SIEM Console
  • Students should attend BQ132G, IBM Security QRadar SIEM Advanced Topics (optional)

  • Unit 1: Auto Update
  • Unit 2: Backup and Recovery
  • Unit 3: Index and Aggregated Data Management
  • Unit 4: Network Hierarchy
  • Unit 5: System Management
  • Unit 6: License Management
  • Unit 7: Deployment Actions
  • Unit 8: High Availability Management
  • Unit 9: System Health and Master Console
  • Unit 10: System Settings and Asset Profiler Configuration
  • Unit 11: Custom Offense Close Reasons
  • Unit 12: Reference Set Management
  • Unit 13: Authorized Services
  • Unit 14: Users, User Roles, and Security Profiles
  • Unit 15: Log Sources
  • Unit 16: Log Source Extensions
  • Unit 17: Log Source Parsing Ordering
  • Unit 18: Event and Flow Retention
  • Unit 19: Flow Sources
  • Unit 20: Flow Sources Aliases
  • Unit 21: Remote Networks and Services

Learning objectives

  • Install and manage automatic updates to QRadar SIEM assets
  • Configure QRadar backup and restore policies
  • Leverage QRadar administration tools to aggregate, review, and interpret metrics
  • Use network hierarchy objects to manage QRadar SIEM objects and groups
  • Manage QRadar hosts and licenses and deploy assets
  • Monitor the health of assets in a QRadar deployment
  • Configure system settings and asset profiles
  • Configure reasons that QRadar administrators use to close offenses
  • Create and manage reference sets
  • Configure user accounts including user profiles and authorizations
  • Manage QRadar log sources
  • Store event and flow data
  • Manage QRadar flow sources
  • Manage groups that monitor Internet networks and services

This course is designed for QRadar SIEM administrators and professional services personnel managing QRadar SIEM deployments.