bq102g ibm security qradar siem foundations training … · 2017-11-17 · bq102g ibm security...


Upload: vutu

Post on 01-Jul-2018


BQ102G IBM Security QRadar SIEM Foundations Training

DESCRIPTION

THIS IS A SELF-PACED VIRTUAL CLASS. AFTER YOU REGISTER, YOU HAVE 30 DAYS TO COMPLETE THE COURSE. Before you enroll, review the system requirements to ensure that your system meets the minimum requirements for this course. AFTER YOU ARE ENROLLED IN THIS COURSE, YOU WILL NOT BE ABLE TO CANCEL YOUR ENROLLMENT. You are billed for the course when you submit the enrollment form. Self-Paced Virtual Classes are non-refundable. Once you purchase a Self-Paced Virtual Class, you will be charged the full price. After you receive confirmation that you are enrolled, you will be sent further instructions to access your course material and remote labs. A confirmation email will contain your online link, your ID and password, and additional instructions for starting the course. You can start the course at any time within 12 months of enrolling for the course. After you register/start the course, you have 30 days to complete your course. Within these 30 days, the self-paced format gives you the opportunity to complete the course at your convenience, at any location, and at your own pace. The course is available 24 hours a day. If the course requires a remote lab system, the lab system access is allocated on a first-come, first-served basis. When you are not using the e-lab system, ensure that you suspend your e-lab to maximize your hours available to use the e-lab system.

System Requirements

To participate in both the lectures and labs for this course, the student workstation must meet the following hardware requirements:

• Minimum of 256 MB of memory

• Windows 98 or higher

• Headset with microphone, or separate microphone and speakers

• Internet Explorer 5.5 or higher

• 128-bit encryption (Versions of Internet Explorer prior to version 6.0 and Windows 98, NT 4.0, and 2000 must have the High Encryption Packs installed)

• Citrix ICA Client (Installed when you access e-lab during class)

• High speed internet (56K bps or higher)

NOTE: The Citrix application (web client or full package) requires access to port 443 (https). Please ensure personal and corporate firewalls have this port open.

OBJECTIVES

• Describe the purpose and capabilities of the QRadar SIEM licensed program

• Describe how QRadar SIEM collects data and performs vulnerability assessment

• Learn how to navigate and customize the dashboard tab

• Learn how to investigate the information contained in an offense and respond to an offense


• Learn how to find, filter, and group events in order to gain critical insights about the offense

• Learn how to create and edit a search that monitors the events of suspicious hosts

• Learn how asset profiles are created and updated, and how to use them as part of an offense investigation

• Learn how to investigate the flows that contribute to an offense, create and tune false positives, and investigate superflows

• Learn how to find custom rules in the QRadar SIEM console, assign actions and responses to the rule, and how to configure rules

• Learn how to use charts and apply advanced filters to examine specific activities in your environment

AUDIENCE

This basic course is suitable for security analysts, security technical architects, offense managers, network administrators, and system administrators.

PREREQUISITES

You must have:

• Basic TCP/IP networking skills

• System administration knowledge

• Basic information security skills

TOPICS

1. Unit 1: Introduction to IBM Security QRadar SIEM

2. Unit 2: How QRadar SIEM collects security data

3. Unit 3: Using the QRadar SIEM Dashboard

4. Unit 4: Investigating an offense that is triggered by events

5. Unit 5: Investigating the events of an offense

6. Unit 6: Using asset profiles to investigate offenses

7. Unit 7: Investigating an offense that is triggered by flows

8. Unit 8: Using rules and building blocks

9. Unit 9: Creating QRadar SIEM reports

10. Unit 10: Performing advanced filtering