IBM QRadar SIEM Foundations

IBM QRadar SIEM Foundations

Course Overview

IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, asset profiles, and vulnerabilities. QRadar SIEM classifies suspected attacks and policy violations as offenses.


This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.  

Before taking this course, make sure that you have the following skills: 

IT infrastructure

IT security fundamentals



TCP/IP networking Syslog

Unit 1: Introduction to IBM QRadar

Unit 2: IBM QRadar SIEM component architecture and data flows

Unit 3: Using the QRadar SIEM User Interface

Unit 4: Investigating an Offense Triggered by Events

Unit 5: Investigating the Events of an Offense

Unit 6: Using Asset Profiles to Investigate Offenses

Unit 7: Investigating an Offense Triggered by Flows

Unit 8: Using Rules

Unit 9: Using the Network Hierarchy

Unit 10: Index and Aggregated Data Management

Unit 11: Using the QRadar SIEM Dashboard

Unit 12: Creating Reports

Unit 13: Using Filters

Unit 14: Using the Ariel Query Language (AQL) for Advanced Searches

Unit 15: Analyzing a Real-World Large-Scale Attack