In this course, you learn how to navigate the user interface and how to investigate offenses. You search and analyze the information from which QRadar SIEM concluded that an activity was suspicious. Hands-on exercises reinforce the skills learned.
- Describe the purpose and capabilities of the QRadar SIEM licensed program
- Describe how QRadar SIEM collects data and performs vulnerability assessment
- Learn how to navigate and customize the dashboard tab
- Learn how to investigate the information contained in an offense and respond to an offense
- Learn how to find, filter, and group events in order to gain critical insights about the offense
- Learn how to create and edit a search that monitors the events of suspicious hosts
- Learn how asset profiles are created and updated, and how to use them as part of an offense investigation
- Learn how to investigate the flows that contribute to an offense, create and tune false positives, and investigate superflows
- Learn how to find custom rules in the QRadar SIEM console, assign actions and responses to the rule, and how to configure rules
- Learn how to use charts and apply advanced filters to examine specific activities in your environment

- Unit 1: Introduction to IBM Security QRadar SIEM
- Unit 2: How QRadar SIEM collects security data
- Unit 3: Using the QRadar SIEM Dashboard
- Unit 4: Investigating an offense that is triggered by events
- Unit 5: Investigating the events of an offense
- Unit 6: Using asset profiles to investigate offenses
- Unit 7: Investigating an offense that is triggered by flows
- Unit 8: Using rules and building blocks
- Unit 9: Creating QRadar SIEM reports
- Unit 10: Performing advanced filtering
This basic course is suitable for security analysts, security technical architects, offense managers, network administrators, and system administrators.