This course runs for a duration of 3 Days.
The class will run daily from 9 AM ET to 5 PM ET.
Class Location: Virtual LIVE Instructor Led - Virtual Live Classroom.
Learn about the solution architecture, how to navigate the user interface, and how to investigate offenses.
IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned.
In this 3-day instructor-led course, you learn how to perform the following tasks:
Audience
This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.
Objectives
After completing this course, you should be able to perform the following tasks:
Unit 0: IBM Security QRadar 7.5 - Fundamentals
Unit 1: QRadar Architecture
Unit 2: QRadar UI - Overview
Unit 3: QRadar - Log Source
Unit 4: QRadar flows and QRadar Network Insights
Unit 5: QRadar Custom Rule Engine (CRE)
Unit 6: QRadar Use Case Manager app
Unit 7: QRadar - Assets
Unit 8: QRadar extensions
Unit 9: Working with Offenses
Unit 10: QRadar - Search, filtering, and AQL
Unit 11: QRadar - Reporting and Dashboards
Unit 12: QRadar - Admin Console
Before taking this course, make sure that you have the following skills:
