IBM QRadar SIEM Foundations


Course Overview

IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, asset profiles, and vulnerabilities. QRadar SIEM classifies suspected attacks and policy violations as offenses.



Details

This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.  

Before taking this course, make sure that you have the following skills: 

IT infrastructure

IT security fundamentals

Linux

Windows

TCP/IP networking

Syslog


Unit 1: Introduction to IBM QRadar

Unit 2: IBM QRadar SIEM component architecture and data flows

Unit 3: Using the QRadar SIEM User Interface

Unit 4: Investigating an Offense Triggered by Events

Unit 5: Investigating the Events of an Offense

Unit 6: Using Asset Profiles to Investigate Offenses

Unit 7: Investigating an Offense Triggered by Flows

Unit 8: Using Rules

Unit 9: Using the Network Hierarchy

Unit 10: Index and Aggregated Data Management

Unit 11: Using the QRadar SIEM Dashboard

Unit 12: Creating Reports

Unit 13: Using Filters

Unit 14: Using the Ariel Query Language (AQL) for Advanced Searches

Unit 15: Analyzing a Real-World Large-Scale Attack