Prerequisites
To apply for the IBM Security QRadar SIEM Training, you need the following:
- Basic understanding of Networking.
- Basic skills in IT Security Frameworks and TCP/IP knowledge.
- Fundamental skills of Regular Expressions.
Course Curriculum
IBM QRadar SIEM – Introduction
- Overview of IBM QRadar
- HA (High Availability) & Core Abilities of QRadar SIEM
QRadar SIEM – Architecture
Data Processing System
- Event Processor
- Flow Processor
Data Collection System
- Event Collector
- Flow Collector
Understanding Magistrate Component
Ariel Database concept
Data Storage
High-Level Architecture
Console Structure
Log & Network Activity
- Real-time events & Log flow
- False Positives Identification and Tuning
- Search/Explore Events, Filter Criteria
Collection Of Logs
- Creating Log Source and Its Management
- WinCollect
- Syslog
QRadar SIEM Console
- What is a Dashboard?
- Dashboard Types
- Customization of Dashboards
Rules, Reports, Offenses
- Managing Offenses
- Creating Rules & Blocks
- Managing Reports
Risk Administration
- Estimating Risk
- QRadar SIEM Management
Backup
- Different Backup Types
Evaluation of Assets & Vulnerability
- Analysis & Estimation of Vulnerability
- Realization of Assets
- Import & Export of Assets
Applying Solutions
- Scope of QRadar SIEM solution
- Recommendations on Default Log Activity Reports
- Network Hierarchy (grading) Development
- Steps to Deploy
- Setting Up Authentication
Custom Log Sources
- Getting the trial logs
- Identifiers for QRadar
- Connecting custom QIDs to the Log Source ID
- Start mapping the uncommon log records.
- Using DSM Editor to build a custom Parser
Reports of IBM QRadar SIEM
- IBM QRadar Reports Creation
- Reporting Overview
- Filtering Layout
Rules Creation & Tuning Up
- Rules of IBM QRadar SIEM
- Implementing Building Blocks
- Creating Rules
- Offense Research & analysis
- Applying Time Series & Anomaly rules
- Managing Misleading Results (False Positives)
- Tuning Techniques
AQL Overview
- AQL- Fundamentals
- Using AQL to build new/advanced queries.
- Analytics of User Behavior
- IBM Security QRadar SIEM with Watson Advisor
- IBM X-Force Threat Intelligence & QRadar SIEM integration