QRadar Certification Training

The IBM Certified Associate Administrator – IBM QRadar SIEM course provides an in-depth understanding of IBM QRadar as a security information and event management (SIEM) solution. This course is designed to help learners understand how to deploy, maintain, and troubleshoot QRadar SIEM. Learners will gain the skills necessary to use QRadar to identify and respond to incidents, while also maintaining compliance with security requirements and policies.

The IBM Certified Associate Administrator – IBM QRadar SIEM course covers installation and deployment, event collection and management, roles and user profiles, rules, offenses, and reports, the Log Activity tab, and the network hierarchy.


Course key Learnings:

1. Understand the fundamentals of IBM QRadar SIEM and its components
2. Learn how to deploy QRadar SIEM and navigate the QRadar SIEM console
3. Gain expertise in managing users, roles, and system settings
4. Understand how to use and configure the IBM QRadar SIEM log manager
5. Gain proficiency in deciphering attack patterns and studying the offense overview
6. Acquire expertise in configuring rules to recognize malicious activity
7. Learn how to use searches and reports to evaluate threats, vulnerabilities, and attacks in real time
8. Understand the core components of IBM QRadar SIEM such as log sources, correlated offenses, assets, and saved searches
9. Acquire proficiency in troubleshooting issues in IBM QRadar SIEM
10. Gain skills in leveraging the IBM QRadar SIEM Application Framework to create custom applications


Course Content:

Module 1 Introduction to IBM Security QRadar SIEM

  •  Purposes of QRadar SIEM
  •  QRadar SIEM and the IBM Security Framework
  •  Identifying suspected attacks and policy breaches
  •  Providing context
  •  Key QRadar SIEM capabilities
  •  QRadar SIEM Console

Module 2 How QRadar SIEM collects security data

  •  Normalizing log messages to events
  •  Event collection and processing
  •  Flow collection and processing
  •  Reporting
  •  Asset profiles
  •  Active scanners
  •  QRadar Vulnerability Manager scanner
  •  Gathering asset information

Module 3 Using the QRadar SIEM dashboard

  •  Navigating the Dashboard tab
  •  Dashboard overview
  •  Default dashboard
  •  QRadar SIEM tabs
  •  Other menu options
  •  Context-sensitive help
  •  Dashboard refresh
  •  Dashboard variety
  •  Creating a custom dashboard
  •  Managing dashboard items

Module 4 Investigating an offense that is triggered by events

  •  Introduction to offenses
  •  Creating and rating offenses
  •  Instructor demonstration of offense parameters
  •  Selecting an offense to investigate
  •  Offense Summary window
  •  Offense parameters
  •  Top 5 Source IPs
  •  Top 5 Destination IPs
  •  Top 5 Log Sources
  •  Top 5 Users
  •  Top 5 Categories
  •  Last 10 Events
  •  Last 10 Flows
  •  Annotations
  •  Offense Summary toolbar
  •  Acting on an offense
  •  Offense actions
  •  Offense status and flags

Module 5 Investigating the events of an offense

  •  Navigating to the events
  •  List of events
  •  Event details: Base information
  •  Event details: Reviewing the raw event
  •  Event details: Additional details
  •  Returning to the list of events
  •  Filtering events
  •  Applying a Quick Filter to the payload
  •  Using another filter option
  •  Grouping events
  •  Grouping events by low-level category
  •  Removing grouping criteria
  •  Viewing a range of events
  •  Monitoring the scanning host
  •  Saving search criteria
  •  Event list using the saved search
  •  About Quick Searches
  •  Using alternative methods to create and edit searches
  •  Finding and loading a saved search
  •  Search actions
  •  Adding a saved search as a dashboard item
  •  Saving a search as a dashboard item
  •  Enabling time-series data
  •  Selecting the time range
  •  Displaying 24 hours in a dashboard item
  •  Modifying items in the chart type table

Module 6 Using asset profiles to investigate offenses

  •  About asset profiles
  •  Creating asset profiles
  •  Navigating from an offense to an asset
  •  Assets tab
  •  Asset summary
  •  Vulnerabilities

Module 7 Investigating an offense that is triggered by flows

  • About flows
  • Network Activity tab
  • Grouping flows
  • Finding an offense
  • Offense parameter
  • Top 5 Source and Destination IPs
  • Top 5 Log Sources
  • Top 5 Categories
  • Last 10 Events
  • Last 10 Flows
  • Annotations
  • Base information
  • Source and destination information
  • Layer 7 payload
  • Additional information
  • Creating a false positive flow or event
  • Tuning a false positive flow or event

Module 8 Using rules and building blocks

  • About rules and building blocks
  • About rules
  • About building blocks and functions
  • Navigating to rules
  • Finding the rules that fired for an event or flow
  • Finding the rules that triggered an offense
  • Rule Wizard demonstration
  • Rule Wizard
  • Rule actions
  • Rule response

Module 9 Creating QRadar SIEM reports

  • Reporting introduction
  • Reporting demonstration
  • Reports tab
  • Finding a report
  • Running a report
  • Selecting the generated report
  • Viewing a report
  • Reporting demonstration
  • Creating a new report template
  • Choosing a schedule
  • Choosing a layout
  • Defining report contents
  • Configuring the upper chart
  • Configuring the lower chart
  • Verifying the layout preview
  • Choosing a format
  • Distributing the report
  • Adding a description and assigning the group
  • Verifying the report summary
  • Viewing the generated report
  • Best practices when creating reports

Module 10 Performing advanced filtering

  •  Filtering demonstration
  •  Flows to external destinations
  •  Remote to Remote flows
  •  Scanning activity
  •  Applications not running on the correct port
  •  Data loss
  •  Flows to suspect Internet addresses
  •  Filtering on custom rules and building blocks
  •  Grouping by custom rules
  •  Charts on Log and Network Activity tabs: Grouping
  •  Charts on Log and Network Activity tabs: Time range
  •  Capturing time-series data
  •  Viewing time series charts: Zooming to focus
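The filters listed for Module 10 (flows to external destinations, remote-to-remote flows, scanning activity, applications not running on the correct port, data loss, flows to suspect Internet addresses) all reduce to questions about the two endpoints of a flow relative to the network hierarchy. The following Python is an added illustration of that logic over constructed flow records; it is not IBM course material and not QRadar code. The local network ranges, the expected-port table, the suspect-address set, the thresholds, and every flow record are assumptions standing in for QRadar's network hierarchy, application definitions, and reference sets.

```python
import ipaddress
from collections import defaultdict

# Assumed stand-in for the QRadar network hierarchy: addresses inside these
# ranges are "local", everything else is "remote" (constructed values).
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Assumed expected ports per application. A flow whose application is listed
# here but whose destination port is not in the set is "on the wrong port".
EXPECTED_PORTS = {"HTTP": {80, 8080}, "SSH": {22}, "DNS": {53}}

# Assumed stand-in for a reference set of suspect Internet addresses.
SUSPECT_ADDRESSES = {"203.0.113.50"}

SCAN_PORT_THRESHOLD = 5        # distinct destination ports per source before it counts as scanning
DATA_LOSS_BYTES = 10_000_000   # outbound bytes in one external flow before it counts as possible data loss


def _scan_flows():
    # One constructed source probing six ports on a single internal host.
    return [{"src": "10.1.1.33", "dst": "10.1.2.9", "dport": p, "app": "unknown", "bytes_out": 60}
            for p in (21, 22, 23, 25, 80, 110)]


# Constructed flow records (not captured traffic). The fields mirror the flow
# attributes shown on the Network Activity tab: source, destination, port, app, bytes.
FLOWS = [
    {"src": "10.1.1.5",     "dst": "10.1.2.9",     "dport": 445,  "app": "SMB",   "bytes_out": 1_200},
    {"src": "10.1.1.5",     "dst": "203.0.113.10", "dport": 443,  "app": "HTTPS", "bytes_out": 900},
    {"src": "198.51.100.7", "dst": "203.0.113.10", "dport": 80,   "app": "HTTP",  "bytes_out": 400},
    {"src": "10.1.1.20",    "dst": "10.1.2.9",     "dport": 2222, "app": "SSH",   "bytes_out": 300},
    {"src": "10.1.1.40",    "dst": "203.0.113.50", "dport": 443,  "app": "HTTPS", "bytes_out": 50_000_000},
] + _scan_flows()


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETWORKS)


def flows_to_external(flows):
    """Local source talking to a remote destination."""
    return [f for f in flows if is_local(f["src"]) and not is_local(f["dst"])]


def remote_to_remote(flows):
    """Neither endpoint is in the hierarchy: usually a hierarchy gap, transit, or spoofed traffic."""
    return [f for f in flows if not is_local(f["src"]) and not is_local(f["dst"])]


def scanning_sources(flows, threshold=SCAN_PORT_THRESHOLD):
    """Sources that touched at least `threshold` distinct destination ports."""
    ports = defaultdict(set)
    for f in flows:
        ports[f["src"]].add(f["dport"])
    return sorted(src for src, seen in ports.items() if len(seen) >= threshold)


def apps_on_wrong_port(flows):
    """Known application observed on a port other than its expected one(s)."""
    return [f for f in flows
            if f["app"] in EXPECTED_PORTS and f["dport"] not in EXPECTED_PORTS[f["app"]]]


def possible_data_loss(flows, min_bytes=DATA_LOSS_BYTES):
    """Large outbound transfers from local hosts to remote destinations."""
    return [f for f in flows_to_external(flows) if f["bytes_out"] >= min_bytes]


def flows_to_suspect_addresses(flows, suspects=SUSPECT_ADDRESSES):
    return [f for f in flows if f["dst"] in suspects]


def run_filters(flows=FLOWS):
    """Apply every filter; returns filter name -> matching flows (or sources for scanning)."""
    return {
        "flows_to_external": flows_to_external(flows),
        "remote_to_remote": remote_to_remote(flows),
        "scanning_sources": scanning_sources(flows),
        "apps_on_wrong_port": apps_on_wrong_port(flows),
        "possible_data_loss": possible_data_loss(flows),
        "flows_to_suspect_addresses": flows_to_suspect_addresses(flows),
    }


if __name__ == "__main__":
    for name, hits in run_filters().items():
        print(f"{name}: {hits}")
```

The point of the remote-to-remote filter is worth noting: a flow where neither endpoint is local is usually a sign that the network hierarchy is incomplete rather than a sign of attack, which is why tuning the hierarchy comes before tuning rules.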

Course Prerequisites
To be eligible for the IBM Certified Associate Administrator – IBM QRadar SIEM V7.3.2 certification, you must have:
• Basic knowledge of software delivery, use, and lifecycle management
• Experience with basic IT concepts, such as networking, server technologies, virtualization, and architectures
• Understanding of authentication, authorization, and encryption
• Working knowledge of web-based applications or web page scripts
• Knowledge of risk, compliance, and SIEM solutions
• Ability to analyze, interpret, and communicate results from technical products
• Working knowledge of QRadar products, such as QRadar Security Intelligence Platform, QRadar Risk Manager, and QRadar Analyst
• Knowledge of the features and functions of QRadar SIEM V7.3.2

Target Audience
  • The target audience for IBM Certified Associate Administrator – IBM QRadar SIEM training consists of individuals who have knowledge and experience with QRadar SIEM, the security information and event management tool.
  • This certification is ideal for those who wish to demonstrate their expertise in installing, configuring, managing, and maintaining a QRadar installation.
  • It will also benefit security professionals such as security administrators, incident responders, system engineers, and system administrators who are looking to gain a more comprehensive understanding of the QRadar SIEM platform.
  • This training is also recommended for professionals with backgrounds in IT, network security, and compliance who need to understand how to use QRadar SIEM to protect their organizations from cyber threats.



Flexible Class Options

  • Weekend classes for professionals (Sat | Sun)
  • Corporate group trainings available
  • Online classes – Live Virtual Class (L.V.C), online training

Popular Courses

Offensive Security Certified Professional (OSCP)

Certified Information Security Manager (CISM)

ISO 20121 – Sustainable Events Management

ISO 27001 Information Security Management Systems – ISMS

Certified Access Management Specialist


KEY FEATURES

Flexible Classes Schedule

Online Classes for out of city / country students

Unlimited Learning - FREE Workshops

FREE Practice Exam

Internships Available

Free Course Recordings Videos
