Describe how QRadar SIEM collects data to detect suspicious activities
Describe the QRadar SIEM component architecture and data flows
Navigate the user interface
Investigate suspected attacks and policy violations
Search, filter, group, and analyze security data
Investigate events and flows
Investigate asset profiles
Describe the purpose of the network hierarchy
Determine how rules test incoming data and create offenses
Use index and aggregated data management
Navigate and customize dashboards and dashboard items
Create customized reports
Use filters
Use AQL for advanced searches
Analyze a real-world scenario
Prerequisites
IT infrastructure
IT security fundamentals
Linux
Windows
TCP/IP networking
Syslog
Target Audience
This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.
Course Curriculum
Module 1: Introduction to IBM QRadar
Module 2: IBM QRadar SIEM component architecture and data flows
Module 3: Using the QRadar SIEM User Interface
Module 4: Investigating an Offense Triggered by Events
Module 5: Investigating the Events of an Offense
Module 6: Using Asset Profiles to Investigate Offenses
Module 7: Investigating an Offense Triggered by Flows
Module 8: Using Rules
Module 9: Using the Network Hierarchy
Module 10: Index and Aggregated Data Management
Module 11: Using the QRadar SIEM Dashboard
Module 12: Creating Reports
Module 13: Using Filters
Module 14: Using the Ariel Query Language (AQL) for Advanced Searches
Module 15: Analyzing a Real-World Large-Scale Attack
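To give a concrete sense of the "advanced searches" that the AQL objective and Module 14 refer to, the query below is an added example of my own and is not part of the course material. It counts events whose name contains "fail" per user, source and destination over the last 24 hours, resolving the QID, log source and network-hierarchy object (the Module 9 topic) for the source address. The table and field names (events, qid, logsourceid, sourceip, destinationip, username, eventcount) and the functions QIDNAME, LOGSOURCENAME and NETWORKNAME, as well as the trailing LAST n HOURS time clause, follow the AQL reference as I know it; the threshold of 20 hits is an arbitrary constructed value. Check the grammar against your QRadar release before relying on it.

```sql
-- Added example, not from the course: noisy "fail"-named events per user and source pair.
-- Field and function names are assumed from the AQL reference; the 20-hit threshold is made up.
SELECT
    QIDNAME(qid)               AS event_name,      -- human-readable event name for the QID
    LOGSOURCENAME(logsourceid) AS log_source,      -- which device/collector reported it
    NETWORKNAME(sourceip)      AS source_network,  -- network-hierarchy object of the source
    sourceip,
    destinationip,
    username,
    COUNT(*)                   AS hits,            -- stored (possibly coalesced) event records
    SUM(eventcount)            AS raw_events       -- original events before coalescing
FROM events
WHERE username IS NOT NULL
  AND username <> 'N/A'
  AND QIDNAME(qid) ILIKE '%fail%'                  -- case-insensitive match on the event name
GROUP BY qid, logsourceid, sourceip, destinationip, username
HAVING COUNT(*) > 20                               -- keep only repeated failures
ORDER BY hits DESC
LIMIT 50
LAST 24 HOURS                                      -- time window goes last in AQL
```

Run it from the Log Activity tab's advanced search box or the AQL REST API. The distinction between COUNT(*) and SUM(eventcount) matters when event coalescing is on: COUNT(*) counts the records QRadar stored, while SUM(eventcount) recovers how many events the log source actually sent, which is the number you want when judging brute-force volume.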