IBM Security QRadar Advanced Topics
GK# 4842 Vendor# BQ132G
In this course, you will learn how to minimize the time gap between when a suspicious activity occurs and when you detect it with the use of IBM Security QRadar. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. To connect the dots, QRadar’s security information and event management (SIEM) correlates these scattered events and flows into offenses that alert you to suspicious activities. Using the skills taught in this course, you will be able to configure processing of uncommon events, work with reference data, and develop custom rules.
1. Creating Custom Log Sources
2. Leveraging Reference Data Collections
3. Developing Custom Rules