IBM Security QRadar SIEM Administration and Advanced Topics

Learn to use administrative tools, process uncommon QRadar events, trigger alerts of suspicious activity, and develop custom rules.

Vendor# U6BQ121G

GK# 5613

Course Overview

In this course, you will learn how to minimize the time gap between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. The next level of this course focuses on attacks and policy violations, which leave their footprints in the log events and network flows of your IT systems. To connect the dots, QRadar SIEM correlates these scattered events and flows into offenses that alert you to suspicious activities.

This course covers system configuration, data source configuration, and remote networks and services configuration. You will be able to configure processing of uncommon events, work with reference data, and develop custom rules using the skills taught in this course.

Delivery Format Options

  • Classroom Live

    Receive face-to-face instruction at one of our training center locations.

    From $2495 CAD, 3 days

  • Virtual Classroom Live

    Experience expert-led online training from the convenience of your home, office or anywhere with an Internet connection.

    From $2495 CAD, 3 days

  • Private Group Training

    Train your entire team in a private, coordinated professional development session at the location of your choice.

    Receive private training for teams online and in-person.

Request a date or location for this course.

What You'll Learn

  • Install and manage automatic updates to QRadar SIEM assets
  • Configure QRadar backup and restore policies
  • Leverage QRadar administration tools to aggregate, review, and interpret metrics
  • Use network hierarchy objects to manage QRadar SIEM objects and groups
  • Manage QRadar hosts and licenses and deploy assets
  • Monitor the health of assets in a QRadar deployment
  • Configure system settings and asset profiles
  • Configure reasons that QRadar administrators use to close offenses
  • Create and manage reference sets
  • Create the credentials used to perform authenticated scans
  • Manage, route, and store event and flow data
  • Use domains in QRadar SIEM to act as a filter for events, flows, scanners, assets, rules, offenses, and retention policies
  • Configure user accounts including user profiles, authentication, and authorizations
  • Manage custom properties for assets, events, and flows
  • Manage QRadar log sources
  • Manage QRadar flow sources
  • Integrate Vulnerability Assessment Scanner results in QRadar SIEM
  • Manage groups that monitor Internet networks and services
  • Create custom log sources to utilize events from uncommon sources
  • Create, maintain, and use reference data collections
  • Develop and optimize custom rules to detect indicators of an attack or policy violation

Prerequisites

  • Basic knowledge of the purpose and use of a security intelligence platform
  • Familiarity with the Linux command line interface and PuTTY
  • Familiarity with custom rules
  • Familiarity with the Ariel database and its purpose in QRadar SIEM
  • IT infrastructure
  • IT security fundamentals
  • Microsoft Windows
  • TCP/IP networking
  • Log files and events
  • Network flows

Who Needs To Attend

  • QRadar SIEM administrators
  • Personnel managing deployments
  • Security administrators
  • Security technical architects
  • Offense managers
  • Professional services using QRadar SIEM
