In this 3-day instructor-led course, you learn how to perform the following tasks:

Describe how QRadar collects data to detect suspicious activities​​​​​​​
Describe the QRadar architecture and data flows
Navigate the user interface
Define log sources, protocols, and event details
Discover how QRadar collects and analyzes network flow information
Describe the QRadar Custom Rule Engine
Utilize the Use Case Manager app
Discover and manage asset information
Learn about a variety of QRadar apps, content extensions, and the App Framework
Analyze offenses by using the QRadar UI and the Analyst Workflow app
Search, filter, group, and analyze security data
Use AQL for advanced searches
Use QRadar to create customized reports
Explore aggregated data management
Define sophisticated reporting using Pulse Dashboards
Discover QRadar administrative tasks

Extensive lab exercises are provided to allow students an insight into the routine work of an IT Security Analyst operating the IBM QRadar SIEM platform. The exercises cover the following topics:

Architecture exercises
UI – Overview exercises
Log Sources exercises
Flows and QRadar Network Insights exercises
Custom Rule Engine (CRE) exercises
Use Case Manager app exercises
Assets exercises
App Framework exercises
Working with Offenses exercises.
Search, filtering, and AQL exercises
Reporting and Dashboards exercises
QRadar – Admin tasks exercises
The lab environment for this course uses the IBM QRadar SIEM 7.4 platform.

Course Outline

Unit 0: IBM Security QRadar 7.4 – Fundamentals

Unit 1: QRadar Architecture

Unit 2: QRadar UI – Overview

Unit 3: QRadar – Log Source

Unit 4: QRadar flows and QRadar Network Insights

Unit 5: QRadar Custom Rule Engine (CRE)

Unit 6: QRadar Use Case Manager app

Unit 7: QRadar – Assets

Unit 8: QRadar extensions

Unit 9: Working with Offenses

Unit 10: QRadar – Search, filtering, and AQL

Unit 11: QRadar – Reporting and Dashboards

Unit 12: QRadar – Admin Console